Java was the most targeted development platform for exploit attacks during the first half of the year, and attacks have increasingly shifted to zero-day vulnerabilities, according to F-Secure's new threat report.
Pretty much every tech company makes its own tablet now, so why not Oracle, too?
The enterprise software and hardware company has unveiled the "DukePad," a tablet powered by a Raspberry Pi and JavaSE Embedded 8. It's not actually for sale, but Oracle described it a few days ago in a technical keynote at its JavaOne conference and posted all the details on the OpenJDKWiki. In addition to providing instructions, open source software, and pointers to the necessary hardware, Oracle said it is "working with suppliers to make available pre-made kits that can be more easily assembled."
The security of Oracle's Java software framework, installed on some three billion devices worldwide, is taking a turn for the worse, thanks to an uptick in attacks targeting vulnerabilities that will never be patched and increasingly sophisticated exploits, security researchers said.
Warning to anyone still using Java 6: Upgrade now to Java 7 to avoid being compromised by active attacks.
That alert came via F-Secure anti-malware analyst Timo Hirvonen, who reported finding an in-the-wild exploit actively targeting an unpatched vulnerability in Java 6 following the recent publication of related proof-of-concept (POC) attack code. The Java runtime environment (JRE) bug (CVE-2013-2463), was publicly revealed when Oracle released Java 7 update 25 in June 2013, which remains the most recent version of Java.
The TOR Project is advising that people stop using Windows after the discovery of a startling vulnerability in Firefox that undermined the main advantages of the privacy-centered network.