A new study by researchers with Kaspersky Lab found that the number of attacks on their customers exploiting Java reached more than 14 million between September 2012 and August 2013.
The situation may be exacerbated by many users not keeping up to date with patches. According to Kaspersky Lab (pdf), of the 161 vulnerabilities detected in various versions of Java during the life of the study, most were in versions 1.5, 1.6 and 1.7, which are the most prevalent versions of the software.
"Remarkably, SE 6 U37 — released back in October 2012 — was the most recent version of Java 1.6 in the Top 10 most commonly used versions," according to the report. "The conclusions are obvious: one and a half months after the release of the latest version of Java, most users are still working with vulnerable versions."
Java security has had a rough year from both a security and a public relations standpoint. The presence of high-profile vulnerabilities and activity by attackers arming exploit kits with attack code prompted Oracle in January to pledge security improvements and additional outreach to educate the Java user community.
Looking for tech help?
Whether you’re looking for dependable tech advice or offering helpful tricks, join the conversation in our forums.