Four of the top five most targeted vulnerabilities for the first half of the year were found in the Java development platform, according to a recent report by computer security firm F-Secure Corp.
It’s not really surprising that attackers are attracted to Java because after all “next to the Windows operating system (also a popular target for exploits), Java is probably the second most ubiquitous program in an organization’s IT setup,” F-Secure said in statement.
The security firm’s threat report indicates that the vulnerabilities were in Java’s Runtime Environment (JRE) or the browser plug-in.
“Unfortunately, removing either the runtime or plug-in may not be a feasible option for most companies that use Java in business critical instances,” the report said.
Other options such as a combination of re-adjusting Java’s security settings, configuring Web browser settings to minimize unwanted applet executions, or installing a third-party plug and monitoring network traffic, may help.
The report said that 70 per cent of the exploits they uncovered were carried out with these five kits:
- BlackHole
- SweetOrange
- Crimeboss
- Styx
- Cool
F-Secure’s threat report also discussed the latest Mac malware and security issues around the crypto-based digital currency Bitcoin.