The Java and Flash Security Fix That Everyone Ignores

As cybercrime has advanced, patching vulnerable software as soon as possible has become the key to keeping your system secure. Still, consumers are leaving their systems open to malicious attacks by failing to patch two omnipresent programs: Adobe’s Flash and Oracle’s Java.
Over the past 15 months, the share of Java users running an unpatched version has increased significantly, to 50 percent, according to a report released by Secunia, a data vulnerability firm. The same holds for users of Adobe Flash Player in the U.S.: the share of users with older versions reached 25 percent at the end of 2014, slightly up from a year earlier.
Software programs like Flash and Java, which run on almost every operating system, are a “boon for hackers”, said Kasper Lingaard, director of research and security at Secunia. “Since these programs run on various platforms, the hackers can use them on every target”, he added.
Not surprisingly, the developers and users of the cybercrime tools known as exploit kits focus on both Flash and Java. While the number of attacks from these exploit kits has declined significantly since the arrest of the famous hacker group known for the Blackhole exploit in 2013, a number of exploit kits have since shown up, and almost every one contains exploits for both programs.
The Styx exploit kit, released in the latter half of last year, could compromise systems through any of three Java flaws.
Although Oracle patched all of these vulnerabilities, cybercriminals know that users tend to be slow to patch. FlashPack, another exploit kit, contains code that can compromise a system using the four Flash vulnerabilities, which include three different bugs in Microsoft Internet Explorer and two Java flaws.
DevelopIntelligence mentioned in a recent story that Java was the most popular target of hackers in 2013, but the number of attacks declined by one third in 2014, according to Cisco’s 2015 Annual Security Report. Security firm Trend Micro conducted a survey of these exploit kits and found that vulnerabilities in Adobe Flash are the most popular among these hackers.
It is unclear why users have not patched. Both Oracle and Adobe have focused on security. Installing the latest version of Java should uninstall older, vulnerable versions of the program. Adobe regularly releases software updates. Both companies have added automatic update capabilities to their programs and have set the default setting to regularly check for and install updates.
Adobe insists that all users update to the latest version of the software. “The company has seen a drop-off in successful attacks,” says Peleus Uhley, lead security strategist at Adobe Inc.
He also added, “The majority of these attacks are exploiting software that is not up to date, so we strongly recommend that our users regularly update as a best defense against these malicious attacks.”
Other major companies support the same strategy. Cisco found that companies and users that enable automatic updates are comparatively less vulnerable.