Over 93 percent of endpoints used an unpatched variant of Java that cyber criminals could exploit with the Cool exploit kit, a new report said.
The report comes from data collected from tens of millions of endpoints by Websense’s Advanced Classification Engine (ACE). To get a real-time telemetry about vulnerable Java versions, the data then went into the Websense ThreatSeeker Network.
According to the security firm, about 5 percent of web browser users utilize the latest Java Runtime Environment, which is JRE 7 update 17.
In addition, users (78.86 percent) still haven’t migrated to Java 7, which means their systems are highly vulnerable to cyber attacks.
“Grabbing a copy of the latest version of Cool and using a pre-packaged exploit is a pretty low bar to go after such a large population of vulnerable browsers,” said Charles Renert, vice president of Websense Security Labs.
“Most browsers are vulnerable to a much broader array of well-known Java holes, with over 75 percent using versions that are at least six months old, nearly two-thirds being more than a year out of date, and more than 50 percent of browsers are greater than two years behind the times with respect to Java vulnerabilities.”
Besides the exploit for Java 7 update 15, which affects 93 percent of the population of browsers, Cool also contains exploits for Java 7 update 11 and Java 7 update 7, to which 84 percent, respectively 74 percent of endpoints are vulnerable.
Exploits for Java 7 update 6 and update 4 are now a part of the Blackhole 2.0, RedKit, CritXPack or Gong Da. Nearly three quarters of the endpoints analyzed by Websense could suffer compromise by these exploits kits.