Researchers find serious flaw in latest JRE for desktops, servers
Security Explorations researchers say that a new sandbox bypass vulnerability in the Java 7 Reflection API puts JRE desktop and server versions at risk.
Lucian Constantin, April 2013

Java 8 release delayed until next year
The GA version of Java SE 8 needs more work to improve the Java security model and has been pushed into the first quarter of 2014. A developer release is still promised in September, however.
Paul Krill, April 2013

Apple keeps patching Java on OS X Snow Leopard after proposed drop-dead date
Updates are considered a smart move given that not all Mac users can upgrade to Java 7 and are relying on Apple for patches.
Gregg Keizer, April 2013

Java 7 Update 21 to fix bugs, change applet warning messages
Oracle's latest update demonstrates commitment to fixing security issues related to the Java Plug-in, a necessity for many enterprises.
Lucian Constantin, April 2013

Researchers link Java zero-day exploit to Bit9 hack
The remote access malware used for the recent Java zero day attack is connected to the same control server used for the Bit9 hack, Symantec researchers say.
Lucian Constantin, March 2013

Apple's Java sabotage is bad IT business
Apple's handling of the Java vulnerability provides a textbook example of what not to do in a production environment.
Bob Lewis, February 2013

Safeguard your code: 17 security tips for developers
Code security is more important than ever, and it's not that hard to do. Get 17 tips for writing secure code for today's applications.
Peter Wayner, February 2013

How Neo4j beat Oracle Database
Neo Technology's CEO and senior director of products discuss the inner workings and success of Neo4J and its future applications in mobile development, as well as why they're not worried about Java security.
Paul Krill, February 2013

Oracle releases Java patch update
The Java security Critical Patch Update was due February 19 but Oracle released it February 1. The latest patch addresses up to 50 Java vulnerabilities, most of them related to client-side development.
Paul Krill, February 2013

Java is still the most secure widespread runtime
Andrew C. Oliver on why most developers are better off ignoring the FUD about Java security and focusing on what the Java platform does right -- like programming for Android.
Andrew C. Oliver, January 2013

After silence on Java flaws, Oracle now says it cares
In a sudden outreach effort, Oracle promises to fix Java's security bug and communicate better about future security issues. JavaOne may include a Java security track.
Paul Krill, January 2013

New bug neutralizes latest Java security updates
Researcher finds vulnerability that allows attackers to bypass the plug-in's new protection against silent exploits.
Gregg Keizer, January 2013

Java scam: How Oracle and Ask profit from sneaky add-ons
Every time users update Java, traps in the program try to trick them into installing useless toolbars and add-ons.
Bill Snyder, January 2013

Spring Framework flaw allows remote-code execution by attackers
With no quick fix in sight, Spring's remote-code-execution bug leaves many enterprise Java apps at risk.
Ellen Mesmer, January 2013

Just patch Java? Easier said than done
You'd think the seriousness of the latest Java threat would force companies to patch or turn off Java in a hurry. It's not that simple.
Roger Grimes, January 2013

Find more >

Newsletter sign-up
View all newsletters

Enterprise Java Newsletter
Stay up to date on the latest tutorials and Java community news posted on JavaWorld