Java – New vulnerabilities affects million applications

Pierluigi Paganini April 18, 2015

Oracle warned that a dozen of new Java security vulnerabilities could be exploitable remotely to gain access to a target application without login.

Once again Java vulnerabilities are worrying the security community, a series of vulnerabilities could be exploitable remotely to gain access to a target application without authentication.

Every application running on any of JRE/JDK versions 5, 6, 7, and 8 which is not patched is vulnerable to remote attacks that could allow attacker to compromise the application or to steal sensitive application data.

Experts urge Java users to apply a patch their Java Runtime Environments (JREs) and (Java Development Kits) JDKs in order to fix 14 vulnerabilities.



This is the last security update provided for Java 7 bacause the fremework is arrived to its “end of the road” as announced by Oracle, in the future the company will provide public updated only for Java 8.

“Coincident with the January 2015 CPU release users with the auto-update feature enabled will be migrated from Oracle JRE 7 to Oracle JRE 8. Also, please note the April 2015 CPU release will be the last Oracle JDK 7 publicly available update. For more information, and details on how to receive longer term support for Oracle JDK 7, please see the Oracle Java SE Support Roadmap.” states the Java official page published by Oracle.

The experts estimated that millions of applications worldwide are vulnerable because they are running on any of the prior vulnerable versions of Java.

Application owners can upgrade their software to the last Java 8 platform or install any of the new Java Container RASP (Runtime Application Self-Protection) technologies that will quarantine and protect the Java Platform and the entire application stack automatically.

The situation is that millions of Java 7 applications will have no defense soon and it is likely cyber criminals will increase their attacks against the out of date version of the popular Oracle software.

Pierluigi Paganini

(Security Affairs –  Java 8, security)

you might also like

leave a comment