Skip to main content

Java

Critical Java Update Plugs 37 Security Holes

posted onApril 17, 2014
by l33tdawg

Oracle has pushed a critical patch update for its Java SE platform that fixes at least 37 security vulnerabilities in the widely-installed program. Several of these flaws are so severe that they are likely to be exploited by malware or attackers in the days or weeks ahead. So — if you have Java installed — it is time to update (or to ditch the program once and for all).

Java's security dilemma: Old, vulnerable versions won't go away

posted onJanuary 22, 2014
by l33tdawg

Users of Java are caught between a rock and a hard place. They often need an older version of Java to run their applications, but those aged releases are susceptible to security breaches, which have plagued Java in recent years. Java accounted for 91 percent of Web exploits tallied -- and 14 percent of all successful PC exploits -- in Cisco Systems' recent 2014 Annual Security Report, far outpacing Adobe Flash and PDF documents, the other major "popular vectors for criminal activity," the report states. Specifically, Java on the client is the problem.

Oracle makes tablet with Raspberry Pi and Java

posted onSeptember 27, 2013
by l33tdawg

Pretty much every tech company makes its own tablet now, so why not Oracle, too?

The enterprise software and hardware company has unveiled the "DukePad," a tablet powered by a Raspberry Pi and JavaSE Embedded 8. It's not actually for sale, but Oracle described it a few days ago in a technical keynote at its JavaOne conference and posted all the details on the OpenJDKWiki. In addition to providing instructions, open source software, and pointers to the necessary hardware, Oracle said it is "working with suppliers to make available pre-made kits that can be more easily assembled."

Hackers Target Java 6 With Security Exploits

posted onAugust 27, 2013
by l33tdawg

Warning to anyone still using Java 6: Upgrade now to Java 7 to avoid being compromised by active attacks.

That alert came via F-Secure anti-malware analyst Timo Hirvonen, who reported finding an in-the-wild exploit actively targeting an unpatched vulnerability in Java 6 following the recent publication of related proof-of-concept (POC) attack code. The Java runtime environment (JRE) bug (CVE-2013-2463), was publicly revealed when Oracle released Java 7 update 25 in June 2013, which remains the most recent version of Java.

TOR Project: Stop using Windows, disable JavaScript

posted onAugust 6, 2013
by l33tdawg

The TOR Project is advising that people stop using Windows after the discovery of a startling vulnerability in Firefox that undermined the main advantages of the privacy-centered network.

The zero-day vulnerability allowed as-yet-unknown interlopers to use a malicious piece of JavaScript to collect crucial identifying information on computers visiting some websites using The Onion Router (TOR) network.

Adam Gowdiak uncovers new vulnerability in Java 7 which opens door to 10-year-old attack

posted onJuly 19, 2013
by l33tdawg

Security researchers from Polish vulnerability research firm Security Explorations claim to have identified a new vulnerability in Java 7 that could allow attackers to bypass the software's security sandbox and execute arbitrary code on the underlying system.

The vulnerability was reported Thursday to Oracle along with proof-of-concept (PoC) exploit code, said Adam Gowdiak, the CEO and founder of Security Explorations, in a message to the Full Disclosure mailing list.