Put a fork in it, Java is done

Oracle issued a gargantuan security update that fixes 25 separate security flaws in Java, including one zero-day that has been actively exploited in the wild. Unless there is some sort of absolute business imperative that requires your use of Java it’s time to just remove the software from your PC.

I wrote this blog post about the latest Java security concerns:

Headlines about Adobe Flash zero-day exploits and calls for the execution of Adobe Flash dominated headlines over the past week or so in the wake of the Hacking Team hack. Meanwhile, Oracle pushed out a security update. The Oracle update fixed 193 security vulnerabilities—yes one, nine, three…just seven short of 200—including 25 just for Java. While we’re tossing Adobe Flash overboard let’s send Java with it.

Java and Flash are like the twin harbingers of doom when it comes to computer security. They’re like a devastating tag team attack. At any given point if there isn’t a zero-day flaw to exploit in Adobe Flash there’s probably one in Java—and vice versa.

In a post imploring users to update or just remove Java completely Graham Cluley points out, “The security hole was particularly notable because it is thought to be the first new zero-day vulnerability that has targeted Java for two years.”

I agree with Cluley, but I would emphasize the “thought to be” a little more. The Java zero-day is the first that has been publicly disclosed and patched in a couple years. However, the very nature of zero-days is that we don’t know about them until we know about them.

A couple weeks ago you might have assumed Adobe Flash was relatively secure. Then the Hacking Team hack revealed that the company had kept three different Adobe Flash zero-day exploits in its arsenal to enable it to install software on target computers without the users knowledge. It seems likely that there are Java zero-day exploits out there we just don’t know about.

Read the full post on CSOOnline.com: Just get rid of Java finally.

• About
• Latest Posts

Tony Bradley

Editor-in-Chief at TechSpective

I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 4 dogs, 7 cats, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Twitter, Facebook, Instagram and LinkedIn.

Latest posts by Tony Bradley (see all)

• Ransomware-Proof Your Data Backups with Immutability - April 10, 2024
• Unearthing Identity Threat Exposures - April 1, 2024
• Future of Tech and Cybersecurity Looks Bright Thanks to AI - March 26, 2024