First, yes, Java is that prevalent. There's not a single corporate company out there where there are no Java devs. As simple as that. Then Java is also on so many systems even outside the corporate world: both Windows and OS X. It's typically not there by default, but on Windows it depends on who ships the machine. On OS X now at least they don't ship it by default, but it's trivial to install.
But really the problem ain't Java but Java applets.
Java as in "The JVM" is actually not bad at all on the server side: on the contrary, it's very robust. There have been two very lame exploits in 2011 allowing Denial of Service on Java webservers, but no remote exploit working on Java servers.
The problem is Java on the client side, i.e. on people's computers. In other words: the issue is pathetically lame Java applets.
Java applets have to be the most stupid, silly and insecure lame technology ever invented by Sun.
You should have been there in comp.lang.java.programmer back in the nineties when people were saying how stupid, silly and insecure a lame tech Java applets were... Only to be laughed at by the likes of Jon Skeet (the most upvoted user today on StackOverflow). To most Java early adopters Java applets were "the nuts". Supposedly the one tech going to solve all our problems.
It "only" took close to 15 years to prove wrong all the retards who thought Java applets were a good thing.
And now we're in this big mess.
For end-users it's easy: remove Java or disable Java applets.
But for the corporate world it's not so simple: many devs are, well, Java devs. Because Java is pretty much what powers the corporate world (hint: no, it's not Excel).
Then even if most apps tend to be webapps now, there are still a lot of in-house apps which are Java apps and corporate drones do need to use these apps.
Then there are all the Android / dalvik devs: world is moving to mobile and Android is huge. Hence Java is huge.
Hence you can count on many, many, many more Java exploits being used to infiltrate companies.
Companies whose users / devs are using very poor security practices anyway.
But really the problem ain't Java but Java applets.
Don't know about you but I find it fascinating how many comments fail to make a distinction between the vulnerable 'javaws' (i.e., applets) and the far more common 'java' vm. This 'mistake' illustrates both java competitor astroturfing and simple ignorance on the part of those commenting. Are there other potential reasons so many don't know or intentionally obfuscate the difference between java and javaws?