Wednesday, September 11, 2013

Security of Java takes a dangerous turn for the worse

I haven't had Java installed on my machines in a while but as a former Java programmer this is a bit depressing, Security of Java takes a dangerous turn for the worse, experts say

"The most visible sign of deterioration are in-the-wild attacks exploiting unpatched vulnerabilities in Java version 6, Christopher Budd, threat communications manager at antivirus provider Trend Micro, wrote in a blog post published Tuesday. The version, which Oracle stopped supporting in February, is still used by about half of the Java user base, he said. Malware developers have responded by reverse engineering security patches issued for Java 7, and using the insights to craft exploits for the older version. Because Java 6 is no longer supported, the security those same flaws will never be fixed."


Christopher Budd said...

Hi there,

Thanks for reading and for posting this.

I did want to clarify: I'm not actually a former Java programmer. I used to be with the Microsoft Security Response Center and am with Trend Micro now. So background is more on vulnerability handling than programming (though I have done programming).

Thanks again!

Howard said...

Yes, I meant I am a former Java programmer. :)