Browser plug-ins and extensions such as Java and Flash have become easy pickings for attackers due to their ubiquity. Many users fail to update their software very often and are vulnerable to new exploits. About 25 percent of Flash users are running a version that s at least six months old and 19 percent of business users aren t running the newest version of Java. Researchers have been highly critical of Oracle in the last few years for not paying more attention to Java security, but if users aren’t updating to the newest versions when they re available.
Source: https://threatpost.com/many-flash-java-users-running-older-vulnerable-versions/102203/