Your IP is:

44.200.210.43

[More Detail]


Instant Port Checker

IP:[get my ip] Port1:[EL2/PR2/PM3]   [XON NVR] Port2: Port3:

Skip to content

Massive Java update won’t get Oracle out of attacker’s crosshairs

Java continues to be Public Enemy No. 1 when it comes to computer and network security. Oracle released a huge update for the virtually ubiquitous software, but attackers aren’t done exploiting Java as the weakest link in the security chain, and Oracle isn’t securing it fast enough.

The update released by Oracle yesterday addresses 40 vulnerabilities in Java. It also enables online certificate revocation in Java by default, to allow Java to verify in real time whether certificates used to sign Java code have been revoked to prevent execution of malware.

java
Java is an attacker’s dream; it’s virtually ubiquitous and full of holes.

The update is impressive in scope and scale, and it’s important for IT admins and users to apply it as soon as possible. Amol Sarwate, director of Qualys Vulnerability Labs, notes in a blog post, “All vulnerabilities except three can be exploited remotely by an attacker, and in most cases, the attacker can take complete control of the system.”

Lamar Bailey, director of security research and development for Tripwire, has dubbed 2013 “the year of the Java vulnerability.” Bailey points out that Java is widely used across multiple platforms, and that alone makes it a juicy target for attackers. “Java is squarely in the crosshairs of many hackers and security researchers and that’s not going to change in the short term.”

To read this article in full or to leave a comment, please click here

PCWorld

Categories: General.

Tags: , , , , , ,