Information Security News mailing list archives

Oracle's Java security update lacking, experts say


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 20 Dec 2012 04:13:27 -0600 (CST)

http://www.csoonline.com/article/724327/oracle-s-java-security-update-lacking-experts-say

By Antone Gonsalves
CSO
December 19, 2012

Oracle's latest update of the Java Development Kit fails to go far enough in fixing the security-troubled platform, bringing only marginal improvements instead, experts say.

Among the improvements in Java SE Development Kit 7, Update 10 (JDK 7u10) is the ability to use the control panel to prevent Java applications from running in browsers. Vulnerabilities in Java are a major target for cybercriminals hoping to infect computers with malware.

That's because hackers know many people do not keep the Java plug-in for browsers up to date, leaving old flaws open to exploitation. This has resulted in a high success rate for attackers. In 2011, an exploit integrated into the Blackhole toolkit, a hacker favorite, had more than an 80 percent success rate, according to HP's security research division.

Other improvements in JDK 7u10 include using the control panel to choose from four levels of security for unsigned applets, Java Web Start applications and embedded JavaFX applications that run in a browser. In addition, Oracle has added a dialogue box that will warn people when the Java plug-in needs to be updated to prevent exploits.

[...]

