According to Oracle, next year’s version of its Java Development Kit will not feature its notorious browser plug-in component. Similar to Adobe Flash, the plug-in’s popularity and multiple vulnerabilities made it a standard point of malware infection for internet users. Last year, Google Chrome stopped supporting the plug-in and Mozilla Firefox announced plans to discontinue its use later this year. Microsoft Internet Explorer still supports the Java browser plug-in, lending some credence to the joke that users should only use Internet Explorer to download Firefox or Chrome.

Naked Security enumerates the myriad problems the Java browser plug-in has caused: “The massive bestiary of Java applet security flaws cataloged years ago…The newer Java flaws embedded in the Blackhole exploit kit…The multiple Java flaws CERT told the world about in 2013.” The Java browser plug-in has been utilized by more than one exploit kit, a program which searches the user’s computer for known software vulnerabilities. Such vulnerabilities are typically the result of outdated or unpatched programs such as the Adobe Flash or Java plug-in. If the user’s computer contains one or more of these vulnerabilities, the exploit kit selects the corresponding malware and installs it on their machine. Brian Krebs notes that “Crooks have used Java flaws to attack a broad range of systems, and not just Windows PCs: In 2013, the Flashback Trojan used a Java flaw to ensnare more than 600,000 Mac OS X systems in a massive botnet.”

In a blog post, Oracle recognizes the aforementioned changes: “With modern browser vendors working to restrict and reduce plugin support in their products, developers of applications that rely on the Java browser plugin need to consider alternative options such as migrating from Java Applets (which rely on a browser plugin) to the plugin-free Java Web Start technology.” As HTML5 and JavaScript gain popularity, reliance on Flash and the Java plug-in is becoming antiquated. According to the aforementioned Krebs post, “some 97 percent of enterprise computers and a whopping 89 percent of desktop systems in the U.S. run some form of Java.”

Powered by WPeMatico