Developers have plenty to look forward to in Java, given efforts afoot to add modularization and to improve data access and performance.
Oracle has pushed a critical patch update for its Java SE platform that fixes at least 37 security vulnerabilities in the widely-installed program. Several of these flaws are so severe that they are likely to be exploited by malware or attackers in the days or weeks ahead. So — if you have Java installed — it is time to update (or to ditch the program once and for all).
Researchers have uncovered a piece of botnet malware that is capable of infecting computers running Windows, Mac OS X, and Linux that have Oracle's Java software framework installed.
Users of Java are caught between a rock and a hard place. They often need an older version of Java to run their applications, but those aged releases are susceptible to security breaches, which have plagued Java in recent years. Java accounted for 91 percent of Web exploits tallied -- and 14 percent of all successful PC exploits -- in Cisco Systems' recent 2014 Annual Security Report, far outpacing Adobe Flash and PDF documents, the other major "popular vectors for criminal activity," the report states. Specifically, Java on the client is the problem.
Java was the most targeted development platform for exploit attacks during the first half of the year, and attacks have increasingly shifted to zero-day vulnerabilities, according to F-Secure's new threat report.
Pretty much every tech company makes its own tablet now, so why not Oracle, too?
The enterprise software and hardware company has unveiled the "DukePad," a tablet powered by a Raspberry Pi and JavaSE Embedded 8. It's not actually for sale, but Oracle described it a few days ago in a technical keynote at its JavaOne conference and posted all the details on the OpenJDKWiki. In addition to providing instructions, open source software, and pointers to the necessary hardware, Oracle said it is "working with suppliers to make available pre-made kits that can be more easily assembled."
The security of Oracle's Java software framework, installed on some three billion devices worldwide, is taking a turn for the worse, thanks to an uptick in attacks targeting vulnerabilities that will never be patched and increasingly sophisticated exploits, security researchers said.
Warning to anyone still using Java 6: Upgrade now to Java 7 to avoid being compromised by active attacks.
That alert came via F-Secure anti-malware analyst Timo Hirvonen, who reported finding an in-the-wild exploit actively targeting an unpatched vulnerability in Java 6 following the recent publication of related proof-of-concept (POC) attack code. The Java runtime environment (JRE) bug (CVE-2013-2463), was publicly revealed when Oracle released Java 7 update 25 in June 2013, which remains the most recent version of Java.
The TOR Project is advising that people stop using Windows after the discovery of a startling vulnerability in Firefox that undermined the main advantages of the privacy-centered network.
Security researchers from Polish vulnerability research firm Security Explorations claim to have identified a new vulnerability in Java 7 that could allow attackers to bypass the software's security sandbox and execute arbitrary code on the underlying system.
The vulnerability was reported Thursday to Oracle along with proof-of-concept (PoC) exploit code, said Adam Gowdiak, the CEO and founder of Security Explorations, in a message to the Full Disclosure mailing list.