Users take their time over Java and Flash updates
Of the computers studied by Kaspersky in the third quarter, 35 per cent suffered from a Java vulnerability and 19 per cent from a vulnerability in an Adobe product. Comparing Kaspersky's quarterly security reports from 2010 to 2012 shows that the Oracle and Adobe update agents are not good enough at getting their users to carry out updates. Since 2010, Java and Flash Player have enjoyed an uninterrupted reign at the top of the Kaspersky list. Microsoft, in contrast, has gradually dropped out of the top 10, suggesting that its patch routines are working.
Kaspersky's top 10 for the third quarter of 2012 is filled by Oracle Java, Adobe Flash Player, Reader and Shockwave, Apple's QuickTime and iTunes, and Nullsoft's Winamp. 35 per cent of the computers studied by Kaspersky were affected by vulnerabilities in Java, with just under 19 per cent vulnerable to infection through the Adobe Flash Player.
Source: Krebs On Security
Compared to the third quarter of 2011, Adobe has at least improved by a few percentage points. Sun/Oracle Java, however, has remained mired around the 30 per cent mark since 2010. Java's patch and update agents are therefore well behind the competition. Adobe stands out in these security reports for the number of vulnerabilities which users have failed to fix and the number of affected products. Adobe tends to occupy fifth place in Kaspersky's top 10, also suggesting that Adobe's update agents could do better.