For the second time in less than two months, researchers have found another flaw in the Java runtime environment. The flaw was announced September 25th by the Polish security research firm Security Exploitations. The same firm was also responsible for the recently found security hole in Java SE 7, potentially allowing a remote attacker to take complete control of a computer system. But this latest vulnerability affects more than just the most recent version of Java, it dates back nearly eight years to Java SE 5 including 6 and 7 as well.
To put into perspective how common Java is throughout technology, Oracle, the current owner of Java, includes the following frame in their installer.
So is it logical to say 3 billion devices are vulnerable? Not exactly, although the latest exploit does affect nearly 1 billion of these 3 billion devices, all PC’s
As recently as a month ago, security experts brought up the question of whether or not Java should continue to be used at all. However, Java is used for more than just website applets. An example is the popular computer game Minecraft, powered by Java. The web has evolved a lot in eight years. The HTML 5 standard today allows browsers to perform the functions that only plugins could do years ago. Adobe Flash, for instance, is slowly being phased out as newer browsers opt in with HTML 5 based video and graphics. This frees them from any vulnerability associated with Flash. Even so, many things that Java is used for cannot be so easily circumvented. Websites today that depend on Java do so because they need an advanced function in order to work properly. If we were to disable Java, and every website that runs Java was redesigned, even our current HTML5 browsers may not have the tech to provide the same experience. Like the HTML 5 standard that took five years to fully develop, maybe browsers should take time to make Java applets more native, or would doing so just provide more outlets for vulnerabilities. What do you think? Let us know in the comments area below.
One thing is definite though, is that if people wish to continue making their own websites or castle in the sky, or even check out the official time, Java will be here.
Guest Post by John Wheeler: Technologist with Mainstreethost