According to a tweet posted by Aleks Gostev, Chief Security Expert, Global Research and Analysis Team at Kaspersky Lab, 50% of the visitors to their newly launched Flashback information site, are still running outdated versions of Java, potentially exposing themselves to numerous exploitation attempts courtesy of malicious attackers.
The cybercriminals behind the Flashback Mac OS X malware are exploiting CVE-2011-3544 and CVE-2012-0507 vulnerabilities in Java, and that's just for starters.
According to Zscaler, hundreds of thousands of enterprise users remain exposed to malicious attacks, due to the fact that they're running outdated versions of their third-party software.
Here's the summary of their findings affecting, both, Mac OS X users and Windows users:
Adobe Acrobat - 62.54% of out-dated plugins
Adobe Shockwave - 35.69% of out-dated plugins
Microsoft Outlook - 7.26% of out-dated plugins
Java - 5.88% of out-dated plugins
Adobe Flash - 4.37% of out-dated plugins
Microsoft SilverLight - 1.73% of out-dated plugins
QuickTime - 1.71% of out-dated plugins
Windows Media - 1.25% of out-dated plugins
RealPlayer - 0.23& of out-dated plugins
A malicious attacker targeting the Mac OS X platform, doesn't need to take advantage of zero day vulnerabilities, due to the fact that end users continue failing to patch their third-party applications and browser plugins. What's particularly interesting in the Flashback Mac OS X malware attack, is the fact that the cybercriminals behind it took advantage of the delayed patch for Java under Apple's OS. Taking into consideration the percentages of end users still using the Web with outdated third-party applications and browser plugins, multiple Flashback related campaigns could be launched relying on this fact.