Java's security dilemma: Old, vulnerable versions won't go away

posted on January 22, 2014
by l33tdawg

Users of Java are caught between a rock and a hard place. They often need an older version of Java to run their applications, but those aged releases are susceptible to security breaches, which have plagued Java in recent years. Java accounted for 91 percent of Web exploits tallied -- and 14 percent of all successful PC exploits -- in Cisco Systems' recent 2014 Annual Security Report, far outpacing Adobe Flash and PDF documents, the other major "popular vectors for criminal activity," the report states. Specifically, Java on the client is the problem.

Oracle, which oversees Java, has stressed a need for users to upgrade to the latest version of Java to fend off security problems. Cisco also sees a benefit in upgrading to the latest Java version. If only it were so easy.

An example of this dilemma is that 76 percent of companies using Cisco Web Security services are still running Java 6, which has reached its end of life and is unsupported. Because of application dependencies, many organizations have had no choice but to stick with older Java versions despite the security risk they pose, and as a result they have to run, troubleshoot, and support multiple Java versions.
