Users do not apply Java patch despite its availability

News by Dan Raywood

A recent Java update was only downloaded by seven per cent of users.

A recent Java update was only downloaded by seven per cent of users.

According to research by Websense Security Labs, a month after April's Java update was released by Oracle, only seven per cent of users had upgraded to the latest version. Also, shortly after the update was distributed an exploit taking advantage of one of the fixed vulnerabilities went live.

The company found that after a full week, the average adoption of the newest version of Java was at less than three per cent and after two weeks rose to a little over four per cent. A month after release, the number of live web requests using the most recent version of Java was only around seven per cent.

Carl Leonard, senior security researcher at Websense Security Labs, said: “With the massive amount of Java zero-days, known vulnerabilities and headline-grabbing attacks using these vulnerabilities, most security professionals know that Java has been the equivalent of a faulty lock on your home.

“Unfortunately, the lock is proving very hard to secure and cyber criminals continue to get through. Since we can't yet manage to curtail this risk by patching in a timely manner, we absolutely must apply secondary defences to interrupt other stages of the attack life cycle and prevent data theft.”

Oracle announced plans this week for a regular patching cycle for Java and other products after a series of zero-days were discovered in the early part of 2013.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews