Massive Amount of Malware Targets Older Java Flaws

Trailrunner7 writes "It's no secret that Java has moved to the top of the target list for many attackers. It has all the ingredients they love: ubiquity, cross-platform support and, best of all, lots of vulnerabilities. Malware targeting Java flaws has become a major problem, and new statistics show that this epidemic is following much the same pattern as malware exploiting Microsoft vulnerabilities has for years. Research from Microsoft shows that there has been a huge spike in malware targeting Java vulnerabilities since the third quarter of 2011, and much of the activity has centered on patched vulnerabilities in Java. Part of the reason for this phenomenon may be that attackers like vulnerabilities that are in multiple versions of Java, rather than just one specific version."

It's Java Browser Plugin!

[coder111]

How many times do I have to repeat this. ALMOST ALL THE VULNERABILITIES TARGET JAVA APPLETS THAT RUN WITH JAVA PLUGIN INSIDE BROWER. This is not java the language in general, this is not even the JVM, this is the stupid applet sandbox. And nobody uses applets for anything anymore, this is obsolete technology maintained for backwards compatibility.

95% of Java today is running on the server-side. And there are very few security problems there.

Given the amount of articles and FUD targeted at Java on Slashdot in recent months, they could have gotten this right by now. Editors, please be explicit about this being java APPLET/BROWSER PLUGIN vulnerability every time this comes up. This is not Java language vulnerability.

--Codera