You are somehow tricked into loading a Web page that contains a malicious Java applet, which exploits the fault and loads malware on to your system. While the vulnerabilities ultimately exist in the runtime, the plug-in is the avenue that malware developers use to exploit these remotely. The vast majority of Java's security problems revolve around the use of the Java plug-in. In older versions of Java (1.6 or earlier) Safari's security preferences could be used to disable Java, but this is now done in the Java Control Panel in the system preferences. The second component of the installation is the Web plug-in, which interfaces these libraries with the browser to allow hosted Web applets to run. The first is the runtime itself, which consists of the libraries and execution environment that allow your system to execute Java programs. There are two aspects to Oracle's Java installation. So, how do you secure your system while keeping a potentially faulty runtime installed? When it comes to the security of your system, uninstalling Java completely is certainly one way to avoid problems arising from it, but it is a bit of an extreme measure. However, this can be impractical for some, as many people need Java to run applications, including Web apps and a number of technical and creative development tools. In response to these threats, many in the tech community have recommended that people uninstall Java altogether. More recently, Java 7 has seen a new zero-day vulnerability that has been circulating in exploit kits. One notable occurrence was the Flashback malware threat that affected a number of OS X users, which (though due in part to Apple's negligence about Java upkeep) was rooted in the Java runtime.
Lately Java has been getting a bit of bad press, thanks to several consecutive security holes that have been exploited by malware developers.
0 kommentar(er)
