Report: Java Vulnerabilities: Write Once, Pwn Anywhere

Java Vulnerabilities: Write Once, Pwn Anywhere

Java Vulnerabilities ReportJava was originally released with the slogan “write once, run anywhere,” which was intended to underscore its cross-platform capabilities. Over time, Java has become ubiquitous on endpoints, so “run anywhere” can be interpreted as referring to its ubiquity. Even as fewer websites and Web applications require Java in order to operate properly, the technology is pervasive on virtually every end-user system. For a variety of reasons, Java also has become a platform that is highly vulnerable to attack.

Java’s ubiquity and vulnerabilities have made it the technology most frequently exploited by cyber attackers. So it is timely to closely explore the breadth and state of its deployment among enterprises. Bit9 undertook an examination of these questions, leveraging endpoint data across many organizations. The results are surprising and concerning:

  • Java has become the most targeted endpoint technology.
  • Most endpoints have multiple versions of Java installed, in part because the Java installation and update process often does not remove old versions.
  • Attackers often target old, vulnerable versions installed on the endpoint.
  • Fewer than 1 percent of enterprises run the latest version of Java.

Download Report

 I agree to the Privacy Policy