Few apps are as widely installed as an underlying operating system and thus, until fairly recently, the OS is where crooks have directed most of their attacks. However, the criminals are now aiming a large percentage of their attacks at ubiquitous apps like Adobe Reader and Java. In an astonishing turn of events, the security firm, Kaspersky, recently reported “in the last quarter, 56 per cent of all attacks on systems in its security network sought to exploit unpatched Java flaws as an entry point for malware attacks”. The report went on to state that Adobe Acrobat Reader was the second most targeted app (with 25% of reported attacks) and Microsoft Windows was a distant third, with only 4% of reported attacks.
Why Java, in particular? Oracle’s Java page reports there are 1.1 BILLION desktops running Java, almost 1 BILLION downloads each year, 3 BILLION mobile phones running Java and 3 times more Java phones shipped annually than iOS and Android phones combined. That’s a ton of potential targets for a crook’s exploit to wreak havoc. And, financial institutions, companies and individuals generally have much less of a handle on keeping Java and Adobe apps patched than they do on patching the Windows OS.
Why all this background info, much of which you probably already know?
Oracle just announced it will stop patching Java 6 after February 19, 2013. Oracle has been issuing patches for both Java 6 and the current version, Java 7, for some time. As a result, many individuals and enterprises have resisted the move to Java 7. The good news is Oracle says the next Java patch, after February 19th, will be released on June 18, 2013. However, Oracle cannot possibly guarantee it will not issue any patches during those 4 months because currently undiscovered vulnerabilities might need to be patched during that period.
“Java 6's support death presents special problems for Mac users. While Java 7 runs on all current editions of Windows, including the 11-year-old Windows XP, it requires OS X 10.7, aka Lion, or its successor, Mountain Lion, on Macs,” reports Gregg Keizer with Computerworld.
Well, best to start investigating potential compatibility issues with Java 7 sooner than later. Because in 60 days, Java 6 will reach its end-of-support.