The last 6 months has seen a high number of security vulnerabilities appear in Java. This widespread infection has led to the creators, Oracle, suffering significant criticism from security experts and users alike.
After months of criticism and many users moving away from Oracle’s Java, the company has eventually spoken out, agreeing to finally fix the problems that have persistently reoccurred over the last few months. The number of attacks targeting and compromising Java has made it one of the most commonly exploited vectors in business.
Oracle has now spoken out and announced some significant changes have been made in Java in terms of security, which will in turn better protect users from now on. One of the developments is that now all applet requests will have to be authorised by the user, or at least a notification to alert the user. Oracle have also introduced a security slider panel which makes disabling Java across various platforms a lot more simple.
The focus of the security review was to protect against browser launched attacks, which have been the main target thus far. The clean-up however will not aid server or embedded device attacks.
Oracle is considering automatically pushing Java updates to ensure all users are fully patched with the latest version. The most recent Java update is SE 7 Update 11.