home Software Applications Java poses the biggest security risks to PCs in US

Java poses the biggest security risks to PCs in US

Feb 9, 2015

This post is also available in: עברית (Hebrew)

Oracle Java is of among the most popular software ever installed in personal users’ systems in the US. In 2014, Java was installed on 65 percent of computers, making it a privileged target for hackers that exploit the numerous flaws discovered by the security community.

Now, according to the a recent report published by Secunia, a cybersecurity vendor, Oracle Java software is said to represent the primary source of security problems for private US desktops, followed by Apple Quicktime 7.x. Secunia has released individual reports for eleven European countries as well as Australia, New Zealand and Saudi Arabia. Their respective figures and results show a similar trend.

The report, quoted, inter alia, by Security Affairs, states as follows: “If a vulnerable program remains unpatched on your PC, it means that your PC is vulnerable to being exploited by hackers. So if 49% of PCs running Adobe Reader X 10.x, who have a 32% market share, are unpatched, 16% of all PCs are made vulnerable by that program. The same PC can have several other unpatched, vulnerable programs installed. ”

The report issued by Secunia highlights that nearly 48 percent of users aren’t running the latest, patched versions. This results in higher exposure to numerous cyber threats.

“This is not because Java is more difficult to patch, but rather due to the fact this program has a high market share and a lot of the users neglect to patch the program. This, even though a patch is available,” said Kasper Lingaard, a director of research and security at Secunia.

In 2014, security experts discovered 119 new vulnerabilities in Oracle Java software and 14 flaws in Apple Quicktime 7.x. The latter was characterized by 57 percent penetration on desktops, but only 56 percent of software installations had been patched. The top-ten list of applications includes also Adobe Reader 10.x and 11.x, Microsoft .NET framework 2.x, 3.x, and 4.x, VLC Media Player 2.x, Internet Explorer 11.x and Microsoft XML Core Services 3.x.

Microsoft Internet Explorer is the software that contains the greatest number of vulnerabilities: 248. The number of flaws increased compared with the previous year. An analysis of the distribution of vulnerabilities, reveals that 47 percent of vulnerabilities in 2014 were discovered within Microsoft applications, 47 percent for third-party software, and the remaining 6 percent in the respective operating systems.

Another relevant data is the percentage of users with unpatched operating system, nearly 12.9 percent. Moreover, 5.7 percent of applications do not have any security patches available because they have either been phased out, or in the process of being phased out. One notable example is Adobe Flash Player 15. This software which is still installed on 73 percent of Desktops in the US.