Java Security Vulnerability


The Department of Homeland Security advises all computer users to temporarily disable Java on their systems. Java technology, which allows platform-independent code to run on virtually all operating systems, has major security flaws. Hackers are able to exploit an “open door”, allowing them to commit identity theft or install malicious software, making your computer part of a network used for cyber attacks.

Java running in the web browser is most vulnerable. Hackers will lure an unsuspecting user to their website, which installs a malicious Java applet. Some hackers have even been able to compromise legitimate websites, making them hosts for malicious Java applets. Do not trust any Java applet, even if it is hosted on a legitimate site. Don’t install the Java Runtime Environment on your browser or system. The former is more likely with the casual computer user. If anything pops up instructing you to install anything Java-related, don’t do it.

The good news is that if you own a Mac, Apple disabled Java back in October. It is possible to manually install Java, but most people will not do this. Java applets never really took off. Most websites present dynamic content using HTML 5/JavaScript or Flash. Java is used primarily on application servers or on the client side in Android apps. Few applications with graphical user interfaces (GUIs) are developed using Java. This reality makes it all the more obvious if any site is asking you to install Java.

It is important to note that JavaScript is not affected. JavaScript has nothing to do with Java. In fact, it was originally called LiveScript and in some circles it is known as ECMAScript. JavaScript is a completely different programming language, and operates in a secure “sandbox” environment within your browser. Don’t disable JavaScript. Doing so will limit your web browsing experience.

iOS users (iPhone, iPad, and iPod Touch) might have something to worry about. Oracle released a technology known as ADF Mobile. It allows developers to create an iOS app which runs in a lightweight Java virtual machine, installed as part of the app’s code base. In researching this issue, I found that no one has mentioned any vulnerabilities. This doesn’t mean there aren’t any. We can only hope that Apple’s “walled garden” of the App Store has removed any malicious apps. However, if the app is running a Java Virtual Machine, it may be vulnerable. It is unlikely that you have an app developed with Oracle ADF Mobile. Most of these tend to be tools for enterprise developers to monitor their application servers or the like. Some of these apps are front-ends for enterprise systems. If your organization uses Oracle enterprise systems, and has a custom “front-end” app for iOS, you might be vulnerable. The vast majority of iOS users have nothing to worry about.
