Security holes in Java appear to be the leading cause of Black Hole infections, according to the Sophos 2013 threat report. In 2012, more than 600,000 Mac users were infected by the Flashback botnet as a result of a Java vulnerability left unpatched on OS X. Sun Microsystems, which developed Java and was acquired by Oracle in 2010, put security in place to protect the Java virtual machine, but the fact that it is so widely deployed makes it an attractive target for attackers. Java's complexity and age make it difficult to protect. It is widely used at enterprises, but security experts say IT teams can use registry zones to implement tighter restrictions, controlling where Java is running in the environment.