Researcher: 50 percent of Mac OS X users still running outdated Java versions

Summary:According to a tweet posted by Aleks Gostev, 50% of the visitors to their newly launched Flashback information site, are still running outdated versions of Java.

According to a tweet posted by Aleks Gostev, Chief Security Expert, Global Research and Analysis Team at Kaspersky Lab, 50% of the visitors to their newly launched Flashback information site, are still running outdated versions of Java, potentially exposing themselves to numerous exploitation attempts courtesy of malicious attackers.

The cybercriminals behind the Flashback Mac OS X malware are exploiting CVE-2011-3544 and CVE-2012-0507 vulnerabilities in Java, and that's just for starters.

According to Zscaler, hundreds of thousands of enterprise users remain exposed to malicious attacks, due to the fact that they're running outdated versions of their third-party software.

Here's the summary of their findings affecting, both, Mac OS X users and Windows users:

  • Adobe Acrobat - 62.54% of out-dated plugins
  • Adobe Shockwave - 35.69% of out-dated plugins
  • Microsoft Outlook - 7.26% of out-dated plugins
  • Java - 5.88% of out-dated plugins
  • Adobe Flash - 4.37% of out-dated plugins
  • Microsoft SilverLight - 1.73% of out-dated plugins
  • QuickTime - 1.71% of out-dated plugins
  • Windows Media - 1.25% of out-dated plugins
  • RealPlayer - 0.23& of out-dated plugins

A malicious attacker targeting the Mac OS X platform, doesn't need to take advantage of zero day vulnerabilities, due to the fact that end users continue failing to patch their third-party applications and browser plugins. What's particularly interesting in the Flashback Mac OS X malware attack, is the fact that the cybercriminals behind it took advantage of the delayed patch for Java under Apple's OS. Taking into consideration the percentages of end users still using the Web with outdated third-party applications and browser plugins, multiple Flashback related campaigns could be launched relying on this fact.

Apple users, with a patch for the Java vulnerabilities currently available, there's no excuse to avoid patching as soon as possible.

Topics: Apple, Hardware, Open Source, Security, Developer


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.