Java posts on CNET - Page 4


Update OS X to ensure Java security

With the latest round of OS X updates Apple has addressed a number of bugs in its Mac operating systems; however, in addition one update is particularly pertinent for those who wish to maintain security with their Java installations.

Java has received some hard knocks recently with a number of security vulnerabilities that could potentially lead to malware execution on exploited systems, and as such, while uninstalling Java has been a preferred recommendation, one common recommendation for those who do need it is to just disable the Java Web plug-in; however, recent developments suggest doing this may not always render … Read more

Apple, Facebook hackers hit car and candy companies too

More details have been revealed about the massive cyberattack that hit several tech companies last month. Not only were Apple, Facebook, Microsoft, and Twitter hit -- but other industries' computer systems were also hacked, including prominent car manufacturers, U.S. government agencies, and a candy company.

According to The Security Ledger, people familiar with the matter said that hackers infiltrated computer networks by using at least three third-party "watering hole" Web sites, which made it possible for hackers to put malware on those companies' computers.

"The breadth of types of services and entities targeted does not reflect … Read more

More Java-based malware plagues the cross-platform runtime

Java cannot seem to get a break. Only a few days after patching the last zero-day vulnerability, two more exploits are being found that make use of the runtime. One, as noted by Kaspersky, is a recent exploit of the latest runtime's attempts to install a McRAT executable by overwriting memory in the JVM that will trigger the executable to run.

Once installed, the McRAT malware will attempt to contact command and control servers and copy itself into dll files in Windows systems.

This malware is specifically Windows-based; however, a second one outlined by Intego, is a Minecraft password-stealing … Read more

Forum site gives more details on Apple and Facebook hacks

The popular forum site that hackers used to access employee computers at Apple and Facebook gave more details today on how the cyberattack happened.

The site's owner Ian Sefferman confirmed previous reports that hackers injected JavaScript into his site, iPhonedevsdk, and were then able to use a previously unknown exploit to access certain user's computers. He also said that the cyberattack most likely ended on January 30, 2013.

Apple revealed yesterday that hackers targeted computers used by its employees, but that "there was no evidence that any data left Apple." In a statement, the company said … Read more

Microsoft to back Oracle in Java case against Google -- report

The legal war between Oracle and Google has been rather muted for the last several months, but there could be a major new twist in the case.

Reuters has reported that legal representatives for Microsoft told the U.S. Court of Appeals for the Federal Circuit in a briefing yesterday that it would support Oracle.

We reached out to Oracle to confirm, but the Redwood Shores, Calif.-based corporation declined to comment.

Not many more details are available at this time, but it would seemingly line up with Microsoft's other patent-related lawsuits against Motorola Mobility, now a Google subsidiary. … Read more

Apple, Facebook, Twitter hacks said to hail from Eastern Europe

While many security experts have been pointing the blame at China for the recent wave of cyberattacks on U.S. companies and newspapers, Bloomberg reports that some of the malware attacks actually may be coming from Eastern Europe.

Investigators familiar with the matter told Bloomberg they believe a cybercriminal group based in either Russia or Eastern Europe is carrying out the high-level attacks to steal company secrets, research, and intellectual property, which could then be sold on the black market.

Evidence that the attacks may be coming from Eastern Europe is the type of malware being used by the hackers, … Read more

Apple issues Java update after security breach

Following recent security breaches that led to computers at Apple and other companies being compromised, Apple has issued an update for Java on OS X to close the hole.

The update went live this afternoon through Apple's Software Update service, which can be accessed from the Apple menu, and also available as a standalone update for OS X Snow Leopard or later from the following locations:

Java for Mac OS X 10.6 Update 13 Java for OS X 2013-001

According to the update's release notes, it will disable all versions of Java that are supplied by Apple … Read more

Oracle: The judge was wrong in our case with Google

Despite losing its infringement battle with Google, Oracle is still willing to wage a war over an earlier ruling in the matter.

The company earlier this week filed an appeals brief with the U.S. Circuit Court of Appeals, saying that Google's use of Java in Android was "decidedly unfair," according to Reuters, which obtained a copy of the filing. Oracle said that copyright is designed to protect all kinds of works, including "a short poem or even a Chinese menu," but what it created in Java was "vastly more original, creative, and labor-intensive.&… Read more

Oracle pushes out new Java update to patch security holes

Oracle has rushed out a new Java security patch designed to plug up a range of holes in the software.

The February Critical Patch Update for Java SE addresses 50 security vulnerabilities, 44 of which affect the use of Java as a plug-in for Web browers, according to an Oracle blog posted Friday. If not properly patched, the plug-in could open the door for attackers to remotely execute code on a PC or Mac by directing users to malicious Web sites.

"The popularity of the Java Runtime Environment in desktop browsers, and the fact that Java in browsers is … Read more

Apple updates Java for Snow Leopard following blockage

Following another recent security issue with Java, Apple issued an update that added the latest versions to the system's browser plug-in blacklist to protect users from any potential threats; however, in doing so it silently blocked a number of people from accessing required Java content, such as banking and financial Web sites.

To manage this problem, if you need Java, then the latest version from Oracle (version 1.7.0_13) that was released yesterday should have addressed the security holes and get your system back up and running. You can download it for OS X Lion or Mountain Lion … Read more