Java Vulnerabilities Exploited Within Five Days, Azul Reports

Severity: High (Score: 64.5)

Sources: Morningstar, Au.Finance.Yahoo

Summary

Azul has revealed that the mean time to exploit Java vulnerabilities has drastically decreased from 32 days in 2018 to just five days in 2023. This alarming trend is attributed to the rapid exploitation capabilities of attackers, particularly those utilizing AI-assisted tools. Enterprises relying on free and unsupported Java runtimes face significant risks, as they typically take between 60 to 150 days to remediate vulnerabilities. Azul noted that Java distributions average 10-12 vulnerabilities per quarterly update, with one case reported by Cloudflare where exploitation occurred in just 22 minutes. Organizations without commercial Java support lack guaranteed access to timely fixes, increasing their exposure to potential breaches. The compliance risks are also significant, as GDPR mandates breach notifications within 72 hours, creating a substantial gap for those without commercial support. Azul is one of the few providers, alongside Oracle, that offers Critical Set Updates (CSUs) to address these vulnerabilities more rapidly. Key Points: • Mean time to exploit Java vulnerabilities has dropped to five days as of 2023. • Enterprises take 60 to 150 days on average to remediate vulnerabilities. • Organizations using unsupported Java runtimes face increased exposure and compliance risks.

Key Entities

• businesswire.com (domain)
• treblepr.com (domain)
• Java (platform)