Developers have plenty to look forward to in Java, given efforts afoot to add modularization and to improve data access and performance.
Oracle has pushed a critical patch update for its Java SE platform that fixes at least 37 security vulnerabilities in the widely installed program. Several of these flaws are so severe that they are likely to be exploited by malware or attackers in the days or weeks ahead. So — if you have Java installed — it is time to update (or to ditch the program once and for all).
Researchers have uncovered a piece of botnet malware that is capable of infecting computers running Windows, Mac OS X, and Linux that have Oracle's Java software framework installed.
Users of Java are caught between a rock and a hard place. They often need an older version of Java to run their applications, but those aged releases are susceptible to security breaches, which have plagued Java in recent years. Java accounted for 91 percent of Web exploits tallied -- and 14 percent of all successful PC exploits -- in Cisco Systems' recent 2014 Annual Security Report, far outpacing Adobe Flash and PDF documents, the other major "popular vectors for criminal activity," the report states. Specifically, Java on the client is the problem.
Java was the most targeted development platform for exploit attacks during the first half of the year, and attacks have increasingly shifted to zero-day vulnerabilities, according to F-Secure's new threat report.