According to Oracle, next year’s version of its Java Development Kit will not feature its notorious browser plug-in component. Similar to Adobe Flash, the plug-in’s popularity and multiple vulnerabilities made it a standard point of malware infection for internet users. Last year, Google Chrome stopped supporting the plug-in and Mozilla Firefox announced plans to discontinue its use later this year. Microsoft Internet Explorer still supports the Java browser plug-in, lending some credence to the joke that users should only use Internet Explorer to download Firefox or Chrome.
Naked Security enumerates the myriad problems the Java browser plug-in has caused: “The massive bestiary of Java applet security flaws cataloged years ago…The newer Java flaws embedded in the Blackhole exploit kit…The multiple Java flaws CERT told the world about in 2013.” The Java browser plug-in has been utilized by more than one exploit kit, a program which searches the user’s computer for known software vulnerabilities. Such vulnerabilities are typically the result of outdated or unpatched programs such as the Adobe Flash or Java plug-in. If the user’s computer contains one or more of these vulnerabilities, the exploit kit selects the corresponding malware and installs it on their machine. Brian Krebs notes that “Crooks have used Java flaws to attack a broad range of systems, and not just Windows PCs: In 2013, the Flashback Trojan used a Java flaw to ensnare more than 600,000 Mac OS X systems in a massive botnet.”
Powered by WPeMatico