Most Are Running Vulnerable Versions of Java
According to a Rapid7 researcher, only 38 percent of those running the Java Runtime Environment have updated to the newest version of the software -- and the number only reaches that high after a patch has been out for six months.
What's even scary is in the first month of a Java update, the adoption rate is below 10 percent.
What's so alarming about this? Take the latest news that code for successfully exploiting a Java flaw has been added to the well-known hacker toolkit called BlackHole. The vulnerability in question allows hackers to bypass Java's sandbox and load up an unsuspecting user's computer with malware.
However, there's an easy way to avoid this attack that has been seen running wild online: update your Java! The newest version of Java, which was released Feb. 15, will keep you protected from falling victim to this exploit. However, according to security researcher estimates, only a little more than 10 percent of you are protected.
Oracle needs to take a page out of Mozilla's book and silently push these updates to everyone on release. I'm pretty sure something as simple as an update to Java doesn't need the rigorous testing period that's reserved for "critical" Windows fixes.
Actually, speaking of Mozilla, it has blacklisted any outdated version of Java in its Firefox Web browser (I found this out last night. Apparently the Java on my home PC had evaded updates since last June.)
When do you update your Java? When a patch is released? When you remember? Want to shame me for being part of the 70 or so percent with an out-of-date Java? Let me know at firstname.lastname@example.org.