Is this Java’s last stand?
Over the past few months, Oracle’s Java has come under a lot of scrutiny for its holes and vulnerabilities. Security experts have repeatedly called for computer users to uninstall Java from their systems. Now, perhaps in an attempt to keep it relevant, Oracle released a massive patch update earlier this week, which includes 42 patches for Java. And with those patches come some major changes, according to ComputerWeekly:
One of the biggest changes introduced by the security update is that websites will not be able to force Java applets to run in the browser if they are not digitally signed.
Over the last year, Java gained the distinction – or should I say notoriety – of becoming the most frequently exploited software, beating out the buggy Adobe. Having Java on your computer was like playing Russian roulette with malware – you were always taking a huge risk of being hit with a zero-day attack.
These latest patches (Oracle also released an update for its other products) are out of the usual patch sequence for the company, which is usually only updated three times a year: in February, June and October. However, as the Sophos Naked Security Blog pointed out, Oracle appears to have finally adapted to the realities of cyber crime. Slow patch releases for critical vulnerabilities aren’t going to win you friends or keep your customers in this cybersecurity environment. If you want to stay relevant and if you want to make sure the people using your products are secure, you have to attack the problems as they happen -- or at least a lot more regularly than every four months.
Oh, and Oracle wasn’t alone in addressing Java patches. Apple also released critical patches for Java this week.
Now it's time to see if Oracle is serious about making sure Java stays secure or if this is a last grasp to save the beleaguered software.