Articles about Java

No, modular Java isn't dead. It'll be in Java 9 – honest

Despite significant delays, Oracle is once again moving forward with Project Jigsaw, a major undertaking that aims to allow Java developers to break their programs down into independent, interoperable modules. Jigsaw was first intended to be a major feature of Java 8. By 2012 Big O decided that waiting for Jigsaw to be ready …
Neil McAllister, 03 Jul 2014

65 patches later and Java STILL breaks stuff

Software tool vendors are complaining that recent updates to Java are breaking their environments. The problem seems to be in JVM's bytecode verification, in Java 8, Update 11 and Java 7, Update 65. According to InfoQ, developers running into the bug include JRebel (from ZeroTurnaround), the Groovy programming language, the …

Google hauls Java-on-Android spat into US Supreme Court

Google's long and bitter dispute with Oracle over the Java implementation in Android is set to go all the way to the US Supreme Court. The court has listed Google's request to have the US Court of Appeals' decision in the case reviewed. The row has been bubbling along since 2011, when Oracle alleged Google owed it “billions” …
Simon Sharwood, 09 Oct 2014

Big Java security fixes on the way – but not so fast, Windows XP users

As if running Windows XP after Microsoft withdrew support wasn't risky enough, XP users who have Java installed may soon have even more to worry about. Oracle is due to issue its next Critical Patch Update – the massive, quarterly fix-it fests that deliver security updates across the company's entire product line, including Java …
Neil McAllister, 04 Jul 2014

Redmond stall means IE Java axe won't swing till September

Microsoft has handed sysadmins a reprieve by delaying the blockage of vulnerable old versions of Java in its flagship Internet Explorer web browser until September. The postponement was made on the back of complaints to Redmond, which only provided a guide to managing the issue on Tuesday. "Based on customer feedback, we have …
Darren Pauli, 14 Aug 2014

Now even Internet Explorer will throw lousy old Java into the abyss

Internet Explorer will soon join its rival browsers by automatically blocking old, insecure add-ons – and it's got its eye set squarely on Java. Microsoft said on Wednesday that starting on August 12, Internet Explorer will begin alerting users when web pages try to launch ActiveX controls that are considered out-of-date and …
Neil McAllister, 07 Aug 2014

We SO DO support Java on XP, maybe even JDK 8, says Oracle

Oracle has issued a statement saying that it absolutely does support Java on Windows XP and may even decide to support JDK 8 on the orphan OS. Oracle's post on the issue says "We expect all versions of Java that were supported prior to the Microsoft de-support announcement to continue to work on Windows XP for the foreseeable …
Simon Sharwood, 14 Jul 2014

Multi-platform Java bot marshals ZOMBIE FORCE against spammers

Miscreants have brewed a multi-platform strain of malware capable of infecting Windows, Mac OS and Linux PCs. The evil bot, which surfaced in early January, was written entirely in Java and designed to take advantage of the CVE-2013-2465 vulnerability (a Java flaw patched by Oracle last June) to infect victims. The malware - …
John Leyden, 30 Jan 2014

Twitter, ARM voted on to Java steering committee

Twitter and ARM have been voted onto the executive of the Java Community Process (JCP), the committee that considers and oversees changes to Java. The JCP holds elections for its executive each year. Members are either “ratified” or “elected”. The former category appears to go to organisations with obvious stakes in Java's …
Simon Sharwood, 30 Oct 2013

Student promises Java key to unlock Simplocker ransomware

A university student claims he is set to release a Java application to decrypt the first ransomware to hit Android devices. The Simplelocker ransomware was revealed 7 June by malware analysts at Eset targeting devices in Eastern Europe. It encrypted via AES large swathes of files on Android device SD cards demanding users pay a …
Darren Pauli, 17 Jun 2014

Exploits no more! Firefox 26 blocks all Java plugins by default

The latest release of the Firefox web browser, version 26, now blocks Java software on all websites by default unless the user specifically authorizes the Java plugin to run. The change has been a long time coming. The Mozilla Foundation had originally planned to make click-to-run the default for all versions of the Java plugin …
Neil McAllister, 10 Dec 2013

Reality check: Java 8 finally catches a multi-core break

Two years later than planned, Oracle has made Java ready for a multi-core processor world. The database giant has announced general availability of Java 8, calling it a “major new release”. Java 8 is important because it’s the base spec for Java Enterprise Edition, as well as feeding the free and open-source implementation of …
Gavin Clarke, 20 Mar 2014

Sun of a beach! Java biz founder loses battle to keep his shore private

Vinod Khosla, cofounder of Sun Microsystems and billionaire venture capitalist, has lost his battle for his own private beach after surfers successfully sued him for access. In 2008 Khosla spent $37.5m on a 53-acre property on the San Mateo coast overlooking Martin's Beach, a 200-acre stretch of sand that is much beloved by the …
Iain Thomson, 25 Sep 2014

COFFEE AND DANISH HELL: National ID system cockup forces insecure Java on Danes

A bungled IT upgrade has downed Denmark's universal NemID login system, forcing people to stay on an insecure version of Java if they want to carry out online banking, check their insurance, or retrieve tax return information. Problems with NemID were first reported on Tuesday, and on Thursday the NATS IT consultancy behind the …
Jack Clark, 17 Oct 2013

Biz bods STILL don't patch hacker's delight Java and Flash

A whopping 81 per cent of businesses run outdated Java while two in five (40 per cent) have not updated Flash, according to the latest figures from net security firm Websense. Websense warns that failing to apply patches that address vulnerabilities in hacker favourites such as Flash and Java leaves these businesses at risk of …
John Leyden, 10 Sep 2013

Red Hat ships piping hot Ceylon to curry favor with Java-weary devs

After more than three years of development, Red Hat has released version 1.0.0 of Ceylon, its homebrewed, open-source programming language that's designed to be a replacement for Java. Early on, Ceylon was billed as a "Java killer" by some, but lead developer Gavin King has denied that doing away with Oracle's platform was ever …
Neil McAllister, 13 Nov 2013

Oracle ships Java 8 Developer Preview for testing, 18 months late

Oracle has shipped the Developer Preview of the much-delayed Java Development Kit (JDK) Version 8, the reference implementation of the Java SE 8 Platform. "If you've been watching JDK 8 evolve from afar then now is an excellent time to download a build and try it out – the sooner the better!" Oracle's chief Java architect Mark …
Neil McAllister, 11 Sep 2013

Java bug burns Borg

Cisco has asked users of its Secure Access Control System 5.5 or lower to implement an urgent patch, as it has spotted several problems with its RMI implementation. There are three independent bugs: one privilege escalation vuln (CVE ID CVE-2014-0649), an unauthenticated user access vulnerability (CVE-2014-0648), and …

Oracle drops shedload of CRITICAL vuln-busting Java patches

Oracle's autumn batch of quarterly updates included no fewer than 127 security fixes, including 51 for Java alone. The arrival of the Critical Patch Update (CPU) from Oracle means pretty much all of the enterprise server packages from the software giant need patching. Oracle Database Server, Oracle E-Business Suite, Oracle …
John Leyden, 16 Oct 2013

Java still vulnerable despite recent patches

Just days after the latest fix, another Java vulnerability has emerged. Described in this Full Disclosure post, the Reflection API flaw affects all versions of Java SE 7 and, according to researcher Adam Gowdiak, “can be used to achieve a complete Java security sandbox bypass on a target system”. As always, the victim would …

Oracle to lop off Java's least secure bits to save servers

Oracle has acknowledged Java's recent security problems and outlined three new security initiatives to set things to rights. The first may not please everyone, as the company has committed to including Java updates among the quarterly Oracle Critical Patch Update it provides for all its products, as of the October 2013 update. …
Simon Sharwood, 03 Jun 2013

Critical Java SE update due Tuesday fixes 40 flaws

Thought your Java security woes were behind you? Think again. Oracle is planning to release a Critical Patch Update on Tuesday that affects multiple versions of Java, and it's another doozy. According to Oracle's security announcement, the patch pack addresses 40 different vulnerabilities. All update levels of Java SE 5, 6, and …
Neil McAllister, 14 Jun 2013

It's about time: Java update includes tool for blocking drive-by exploits

Oracle's latest update to the Java SE Development Kit (JDK) version 7 adds new security features designed to help businesses avoid being stung by critical vulnerabilities in out-of-date versions of Java. After a string of embarrassing Java security flaws was disclosed by independent researchers, Oracle has made addressing …
Neil McAllister, 13 Sep 2013

Oracle blocks security hole with quick, hot 'n' premature Java update

Oracle has brought forward the timetable of an upcoming Java security update by two weeks in order to block off an in-the-wild security hole. The update, originally scheduled for 19 February, was released a fortnight early on Friday because of "active exploitation 'in the wild' of one of the vulnerabilities affecting the Java …
John Leyden, 04 Feb 2013

Java EE 7 melds HTML5 with enterprise apps

Oracle has announced public availability of Java EE 7, the first major release of the enterprise formulation of Java since the database giant took control of the platform in 2010. The last version shipped way back in 2009. Support for HTML5 and related technologies is one of the key themes of this release. Among the new APIs …
Neil McAllister, 13 Jun 2013

Oracle pours hot, steaming Java into heterogeneous heaven

The future of heterogeneous computing, in which CPUs and GPUs transparently share memory and seamlessly share tasks, has taken another step to fruition: Oracle has joined the HSA – heterogeneous systems architecture – Foundation, with the intent of making Java fully HSA-compliant. "Our intent at Oracle ... is to make [Java] the …
Rik Myslewski, 13 Nov 2013

Hazelcast signs Java speed king to its in-memory data-grid crew

In-memory data-grid specialist Hazelcast has landed the guru behind Java caching framework Ehcache as its chief technology officer. Greg Luck is joining Hazelcast to refine its in-memory data-grid product for enterprises and to develop paid-for packages. Luck is famous for leading Ehcache, the most widely used Java cache …
Gavin Clarke, 21 Jan 2014

Oracle patches Java 0-day, goes to Defcon 2

Oracle has patched the latest Java nasty, suggesting users of the increasingly-flaw-prone product visit java.com pronto to download a new version of the software that addresses the flaw and stops malicious websites gaining control of compromised computers. In a blog post describing the fix, Oracle's Eric P. Maurice may just have …
Simon Sharwood, 13 Jan 2013

ARM servers to gain boost from ARM, Oracle Java partnership

ARM Holdings on Monday announced that it has entered into a multi-year partnership with Oracle to optimize the Java Platform, Standard Edition (Java SE) for the ARM processor architecture, including 64-bit ARMv8 designs. ARM chips have long dominated the mobile computing biz, but this new effort will focus mainly on improving …
Neil McAllister, 22 Jul 2013

'Copyrighted' Java APIs deserve same protection as HARRY POTTER, Oracle tells court

Oracle has asked an appeals court to decide that it does have copyright protection for its Java APIs, which Google used in the creation of its Android operating system, and thereby revive its billion-dollar suit against the firm. Oracle’s lawyer Josh Rosenkranz told the three-judge panel of the US Court of Appeals that Google …

Yet another Java zero-day vuln is being exploited

A new Java zero-day vulnerability is being exploited by attackers, and until it is patched everyone should disable Java in their browser. The vulnerability targets browsers that have the latest version of the Java plugin installed – Java v1.6 Update 41 and Java v1.7 Update 15 – malware researchers FireEye reported on Thursday. …
Jack Clark, 01 Mar 2013

Java or .NET bod in the Midlands? Congrats - you've got a DOUBLE DIGIT payrise

IT contractors are being treated to whopping great annual pay rises of up to 13 per cent, a survey has revealed. While the rest of the world makes do with rock bottom wages, tech bods working in the financial services sector are finding their pay packets shoot skywards due to heavy demand for their skills, according to the …
Jasper Hamill, 25 Feb 2014

Java, Android were THE wide-open barn doors of security in 2013 - report

While it was another tough year for network security all around, 2013 was particularly hard on users of Java and Android, new research from Cisco has found. According to the networking giant's latest Annual Security Report, Java flaws were responsible for 91 per cent of all web-based exploits in 2013. Meanwhile, fully 99 per …
Neil McAllister, 17 Jan 2014

Java applets run wild inside Notes

Attackers with a desire to rummage around inside the PCs of Notes users can do so merely by sending HTML emails containing a Java applet or JavaScript, IBM has admitted in a security advisory. Full Disclosure describes the effects as potentially nasty, saying "This can be used to load arbitrary Java applets from remote sources ( …
Simon Sharwood, 02 May 2013

Azure inhales open source Java implementation

Microsoft and Azul Systems have hoisted the open source Java implementation OpenJDK onto Redmond's Azure cloud, giving developers access to the language on Azure's Windows-based cloud services. The news was announced by Azul Systems at the O'Reilly Open Source Convention in Portland, Oregon, on Wednesday. The OpenJDK for …
Jack Clark, 24 Jul 2013

Java open-source frameworks 'pose risk' to biz - report

Open-source programming frameworks revolutionised Java development during the last decade, but not enough people know how to use them properly. That’s according to the CRASH Special Report by CAST that sampled 496 applications with 152 million lines of code and found most apps had been misconfigured. This increased the degree of …
Gavin Clarke, 31 Jan 2013

Oracle slaps critical patch on insecure Java

Oracle has issued a critical update patch for Java as the database giant works to shore up confidence in the widely used code. The security update fixes 42 security flaws, 19 of which merit a 10 (most severe) rating according to the CVSS metric the company uses to evaluate the software. Along with this, Oracle has also sought to …
Jack Clark, 17 Apr 2013

Tech talk bloke compares girlfriend to irritating Java tool – did he deserve flames?

A programmer was given a right shoeing on Twitter and various blogs for a classy move at a tech event – comparing Apache Maven to a beautiful-but-annoying girlfriend. Jonathan Doklovic, principal developer at software-maker Atlassian, made the comments while giving a thrilling talk about plugins at the AtlasCamp 2014 in Berlin …
Jasper Hamill, 06 Jun 2014

Java devs warned of pushbutton exploit for buggy Struts framework

Java developers were warned, but they didn't listen. Security researchers at Trend Micro report that old and vulnerable versions of the Apache Struts framework for Java are still in widespread use, and now Chinese hackers are using automated tools to exploit their flaws. The vulnerabilities in question were patched in the July …
Neil McAllister, 15 Aug 2013

Rotten hackers feast on mouldy Java flaws

Most enterprise networks are riddled with vulnerable Java installations, according to a new study whose release coincides with the discovery of another 0-day Java flaw. Less than one per cent of organisations are running the latest version of Java, according to a study by security software firm Bit9. The most frequently …
John Leyden, 22 Jul 2013

Java updates too much of a bother? Maybe online banking's just not for you

Security researchers have spotted a surge in attacks against online banking customers, thanks to a new strain of Java-exploiting Trojan Caphaw (aka Shylock). Over the last month or so the malware has targeted customers in at least 24 financial institutions, including Bank of Scotland, Barclays Bank, First Direct, Santander …
John Leyden, 23 Sep 2013

Apple blocks Java on the Mac over security concerns

It's been a rough couple of weeks for Java. Security issues are dogging the code, the latest fix may cause almost as many problems as it solves, and now Apple has decided to block Java completely. French blog MacGeneration originally picked up the blockade, noticing that an update to Apple's XProtect now blocks all versions of …
Iain Thomson, 01 Feb 2013

Apple banishes Java from Mac browsers

Apple has discontinued its own Java plugin, issuing an 'update' that removes it from MacOS and encourages users to instead download Oracle's version of the software. The update, available now and depicted at the bottom of this story, advises users to install new software with the following effect: Java for OS X 2012-006 …
Simon Sharwood, 19 Oct 2012

Java 8 release date slips again, now planned for 2014

Oracle has redoubled its efforts to address the recent spate of vulnerabilities related to Java running in web browsers, but the renewed focus on security has had an unfortunate side effect – namely, that Java 8 will no longer ship by its planned September 2013 release date. According to Mark Reinhold, chief architect for Oracle …
Neil McAllister, 18 Apr 2013

Nasty nuke-lab data-slurper EVOLVES, now feeds off new Java hole

A piece of malware linked to attacks against governments and organisations involved in hi-tech industries such as space exploration and nuclear power has been adapted to exploit a recently uncovered Java security flaw. NetTraveler has been outfitted to exploit a recently patched Java bug as part of a watering-hole-style attack …
John Leyden, 05 Sep 2013

Kill that Java plugin now! New 0-day exploit running wild online

A new Java zero-day security vulnerability is already being actively exploited to compromise PCs. The best way to defend against the attacks is to disable any Java browser plugins on your systems. The offending bug is present in fully patched and up-to-date installations of the Java platform, now overseen by database giant …
John Leyden, 10 Jan 2013

Java malware spotted using stolen certificate

If you haven't already run in the latest Java patch (issued yesterday), here's another good reason to do so: someone has turned up an exploit that uses signed code. In this post, Eric Romang looks at a malicious applet that comes with a signature using credentials stolen from Clearesult Consulting in the US. The stolen private …

New critical Java flaw claimed

Oracle's Java is making a play to wrest back the title of world's leakiest code from Internet Explorer, after Polish researcher Adam Gowdiak claimed another critical flaw exists in the product. The new claim is stated on the Full Disclosure mailing list where Gowdiak writes that the newly-found flaw impacts “all latest versions …
Simon Sharwood, 26 Sep 2012

Are you in charge of a lot of biz computers? Got Java on them?

Java security vulnerabilities - exploited to hack Apple and Facebook this month - are rife across business computers worldwide, according to new research. The overwhelming majority (94 per cent) of PCs and other endpoints running Java software and surveyed by Websense are vulnerable to at least one Java runtime exploit, …
John Leyden, 26 Mar 2013

Oracle trowels more plaster over flawed Java browser plugin

Oracle has issued a rare emergency patch to address two vulnerabilities in the Java plugin for web browsers that the company says are being actively exploited. "Due to the severity of these vulnerabilities, and the reported exploitation of CVE-2013-1493 'in the wild,' Oracle strongly recommends that customers apply the updates …
Neil McAllister, 05 Mar 2013