Java poses the biggest security risks to PCs in US

According to a new series of reports published by the security firm Secunia, Oracle Java poses the biggest security risk to desktop machines in the US.

According to a new report published by the security vendor Secunia, Oracle Java represents the principal source of problems for private US desktops, followed by Apple Quicktime 7.x.

Oracle Java is one of the most popular software packages: in 2014 it was installed on 65 percent of computers, which makes it a privileged target for hackers who exploit the numerous flaws discovered by the security community.

“If a vulnerable program remains unpatched on your PC, it means that your PC is vulnerable to being exploited by hackers. So if 49% of PCs running Adobe Reader X 10.x, who have a 32% market share, are unpatched, 16% of all PCs are made vulnerable by that program. The same PC can have several other unpatched, vulnerable programs installed.” states the report.

The report issued by Secunia highlights that nearly 48 percent of users aren’t running the latest, patched versions, leaving them exposed to numerous cyber threats.

“This is not because Java is more difficult to patch, but the program has a high market share and a lot of the users neglect to patch the program, even though a patch is available,” said Kasper Lingaard, the Secunia director of research and security.

In 2014, security experts discovered 119 new vulnerabilities in Oracle Java and 14 flaws in Apple Quicktime 7.x. Apple Quicktime had 57 percent penetration on desktops, but only 56 percent was patched.

The top-ten list of applications also includes Adobe Reader 10.x and 11.x, Microsoft .NET Framework 2.x, 3.x, and 4.x, VLC Media Player 2.x, Internet Explorer 11.x and Microsoft XML Core Services 3.x.

Microsoft Internet Explorer is the software with the greatest number of vulnerabilities, 248; the number of flaws increased compared to last year.

Analyzing the distribution of vulnerabilities, 47 percent of the vulnerabilities last year were discovered in Microsoft applications, 47 percent in third-party software, and 6 percent in the operating system.

The data are consistent with the number of applications installed on desktop computers, which have on average 76 different programs installed from 27 different vendors, with Microsoft solutions accounting for 41 percent of the total.

Another concerning figure is the percentage of users with an unpatched operating system, nearly 12.9 percent, while 5.7 percent of applications don’t have security patches available because they are being phased out (e.g. Adobe Flash Player 15, which is still installed on 73 percent of desktops).

Secunia has released individual reports for eleven European countries, Australia, New Zealand and Saudi Arabia, and the results show a similar trend.

Enjoy reading the reports.

Pierluigi Paganini

(Security Affairs – Secunia, Java)
