Chinese hackers are using an automated tool to exploit known vulnerabilities in Apache Struts, in order to install backdoors on servers hosting applications developed with the framework.
Adding to a growing portfolio of enterprise software it offers as hosted services, Microsoft plans to add Java to its Windows Azure cloud service.
As it turns out, constant security holes aren't the only aggravation that comes with using Java, according to a new report.
Oracle and ARM are working together to make the Java programming language more suitable for ARM processors, in order to encourage its use for embedded systems and enterprise software.
A new vulnerability in Java 7 could allow attackers to bypass the software's security sandbox and execute arbitrary code on the underlying system.
Despite the significant Java security improvements made by Oracle during the past six months, Java vulnerabilities continue to represent a major security risk for organizations because most of them have outdated versions of the software installed on their systems, according to a report by security firm Bit9.
Oracle fixed a number of critical security flaws in Java with the latest update, but it's still too slow to patch and attackers will continue to take advantage.
Oracle addressed 40 security issues in Java and enabled online certificate revocation checking by default in its scheduled critical patch update for Java on Tuesday.
Oracle has announced the availability of Java Platform Enterprise Edition 7, a release that brings new capabilities for HTML5-based application development to the framework.
Oracle, which acquired Java with the purchase of Sun Microsystems in 2010, has been criticized for moving too slowly to stop Java exploits.