Oracle has pushed a critical patch update for its Java SE platform that fixes at least 37 security vulnerabilities in the widely-installed program. Several of these flaws are so severe that they are likely to be exploited by malware or attackers in the days or weeks ahead. So — if you have Java installed — it is time to update (or to ditch the program once and for all).
Researchers have uncovered a piece of botnet malware that is capable of infecting computers running Windows, Mac OS X, and Linux that have Oracle's Java software framework installed.
Users of Java are caught between a rock and a hard place. They often need an older version of Java to run their applications, but those aged releases are susceptible to security breaches, which have plagued Java in recent years. Java accounted for 91 percent of Web exploits tallied -- and 14 percent of all successful PC exploits -- in Cisco Systems' recent 2014 Annual Security Report, far outpacing Adobe Flash and PDF documents, the other major "popular vectors for criminal activity," the report states. Specifically, Java on the client is the problem.
Java was the most targeted development platform for exploit attacks during the first half of the year, and attacks have increasingly shifted to zero-day vulnerabilities, according to F-Secure's new threat report.
Pretty much every tech company makes its own tablet now, so why not Oracle, too?
The enterprise software and hardware company has unveiled the "DukePad," a tablet powered by a Raspberry Pi and JavaSE Embedded 8. It's not actually for sale, but Oracle described it a few days ago in a technical keynote at its JavaOne conference and posted all the details on the OpenJDKWiki. In addition to providing instructions, open source software, and pointers to the necessary hardware, Oracle said it is "working with suppliers to make available pre-made kits that can be more easily assembled."