Tag Archive for: Java

Oracle settles FTC dispute over Java updates

Network World Tim Greene

Thousands of Java applications vulnerable to nine-month-old remote code execution exploit

A popular Java library has a serious vulnerability, discovered over nine months ago, that continues to put thousands of Java applications and servers at risk of remote code execution attacks.

The flaw is located in Apache Commons, a library that contains a widely used set of Java components maintained by the Apache Software Foundation. The library is used by default in multiple Java application servers and other products including Oracle WebLogic, IBM WebSphere, JBoss, Jenkins and OpenNMS.

The flaw is specifically in the Collections component of Apache Commons and stems from unsafe deserialization of Java objects. In programming languages, serialization is the process of converting data to a binary format for storing it in a file or memory, or for sending it over the network. Deserialization is the reverse of that process.

Network World Security

Oracle has just given you another reason not to install Java on your Mac

If you run Java on your computer you are increasing your attack surface, as malicious hackers will often exploit vulnerabilities … Well, now those kind fellows at Oracle have come up with another reason why Mac users may not want to install Java on …
mac hacker

HTML5 goes officially live – now you really CAN say goodbye to Java in your browser!

Of the 21.5 years that the WWW has been going strong, 15 have been spent getting from HTML 4 to HTML5. That’s quite a journey! Paul Ducklin takes a look at where we are now…
Naked Security – Sophos