The big problem is that Java installations aren't being patched, Carey said, which is a problem that can be traced back to three main issues.įirst of all, organizations are often unaware of the security implications of not patching their software.
'This makes Java exploitation as simple as it gets, even if the attacker has no technical skills at all.' Patch or disable? 'Java vulnerabilities are addressed in every single major exploit pack available through underground markets, such as the Blackhole exploit pack, Eleonore pack and Crimepack, among others,' Catalin Cosoi of Bucharest, Romania's Bitdefender said. Java is a favorite target of cybercriminals because it is so easy to exploit, and also because users are frequently using outdated versions of it.