Case in point: In November 2010, Sophos reported that by far the largest amount of malware trawled by its free Mac antivirus software was Windows sludge. While Sophos saw a few Mac-oriented exploits, and some cross-platform attacks written in Java, it found no clear and present danger.
At some future point, smartphones and Apple OS X will likely "feel the love" from attackers. But organizations face more immediate risks. For example, despite last year's focus on Adobe patching its products against zero-day attacks, Landesman says companies were much more likely to be exploited by Java than a malicious PDF.
"In 2010, Java exploits were three-and-a-half times more prevalent than malicious PDFs, and the reason for that was simple: Everyone was focused on PDFs and taking precautions, whether that meant keeping security up to date, or Adobe issuing more security updates," Landesman says. "But users weren't focused at all on Java, which is more ubiquitous than Adobe Reader and Acrobat, and apparently this was not being patched or policed as well, and consequently it was the threat frontrunner for the year." As always, criminals prefer the easiest path to an exploit.
So, with the security of every mobile device operating system receiving intense scrutiny, and Mac watchers waiting for the day an Apple Rustock arrives, it's important to keep an eye on today's top threats, including Java.
Of course, Java also runs on mobile devices. Accordingly, will we see a large-scale Java smartphone attack? Wait for the 2012 predictions.