NEWS - December 18, 2012
by Carol~ - 12/18/12 11:49 AM
Oracle Adds Ability to Prevent Java Apps From Running in Browsers
Oracle has released a new version of the Java Development Kit which includes a number of security improvements. The major change in JDK 7u10 is the ability to prevent any Java application from running in the browser, a big shift for the Java environment, which is a constant target of attacks.
The new release of Java also includes some additional security enhancements, most notably a feature that enables developers to set a specific level of security for any unsigned Java applets. Java applications and Java itself have become high-priority targets for attackers in the last couple of years, and a number of significant attacks have focused on Java bugs recently. In August, researchers identified a group from China known as the Nitro crew as one of the groups that was using a pair of Java zero-day vulnerabilities in targeted attacks.
Exploits for Java bugs often are added to the major exploit kits such as Black Hole, Eleonore and the Cool exploit kit. Attackers favor Java as a target for a number of reasons, but the key attraction for them is Java's enormous installed base. Java sits on hundreds of millions of machines worldwide, and a good percentage of those installations are older, out-of-date versions that include vulnerabilities that are easy pickings for attackers.
Continued: https://threatpost.com/en_us/blogs/oracle-adds-ability-prevent-java-apps-running-browsers-121812
Java apps can now be prevented from running in the browser
Java 7 Update 10 allows users to restrict Java in browsers