Brought to you by TrendLabs, Trend Micro's global threat research & support organization
Trend Micro—Securing Your Journey to the Cloud Follow us on Twitter Like us on Facebook Watch our YouTube Channel
FIRST LINE OF DEFENSE—YOUR REGULAR SOURCE OF SECURITY UPDATES FROM TRENDLABS

> SPOTLIGHT

Oracle Is Improving Java Security

Java has had a long history of vulnerabilities. Just this year, cybercriminals used Java zero-days to exploit newfound vulnerabilities as part of targeted attacks against government organizations and institutions.

Through a recent blog post, Java developer Oracle, announced that it would be making the platform more secure by:

  • Rolling out patches every three months starting October this year
  • Using automated security testing tools on Java to detect new bugs and issues after every patch rollout
  • Barring unsigned or self-signed apps from running
  • Supporting Windows-enforced security policies
  • Introducing a new, more secure Java distribution service created specifically for servers running Java apps

What This Means to You

Note Oracle's first three plans. The first, which promises the release of patches every three months, should help you quickly fix potential problems before cybercriminals can exploit them. This, coupled with Oracle's continuing distribution of out-of-band updates for critical vulnerabilities, ensures that cybercriminals will have a harder time carrying out zero-day attacks.

The second also addresses issues with bug fixes and patches. Automated security testing tools can help identify potential security gaps and allow Oracle to fix them in advance.

The third will, however, be most significant. Once enforced, attackers will have to acquire a code-signing key to get their malicious Java applets to run. This may not stop a determined attacker from abusing the platform but will prevent common Java exploits from functioning.

"This may not stop a determined attacker from abusing Java but will prevent common exploits from functioning."

Changes for the Better

While Oracle has not yet announced when the rollout will be, the move to improve shows its acknowledgment of the security issues plaguing Java. It also shows that it is taking steps to proactively rather than reactively solve the issue.

Despite Oracle's plans, you should still be careful whenever Java is concerned. Either update to the latest Java version and keep its security level "high" or uninstall it entirely. You can secure your Java-enabled computers with our help, of course.

QUICK LINKS

SECURITY RESOURCES

> View this issue online
> Subscribe to First Line of Defense

> New Report: The Android OS Fragmentation
   Problem
>
New Research Paper: Windows 8 and Windows
   RT: New Beginnings