Java vulnerabilities

It’s not quite the development freeze Microsoft underwent during the Trustworthy Computing push, but it’s a start for Oracle, which will delay the release of Java 8 until Q1 of next year, largely because the platform and browser plug-in is such a security disaster. This year has done nothing but reinforce that notion. Start where […]

Optimism and praise followed last week’s Java critical patch update. Oracle not only patched 42 vulnerabilities in the Java browser plug-in, but also added new code-signing restrictions and new prompts warning users when applets are potentially malicious. It took less than a week, however, to deflate any good will toward Java that resulted.

The latest Java update released Tuesday includes new prompts warning users of potentially malicious applets, in addition to patches for 42 vulnerabilities, all but three of which are remotely exploitable. Java 7 update 21 is part of Oracle’s scheduled Critical Patch Updates for the program and browser plug-in. Zero-day vulnerabilities discovered and exploited throughout the […]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.