News

Oracle will retire the Java browser plug-in, frequently the target of Web-based exploits, about a year from now. Remnants, however, will likely linger long after that. “Oracle plans to deprecate ...
This is to prevent drive-by downloads, as Oracle explains: This affects the conditions under which unsigned (sandboxed) Java web applications can run.
Oracle has released Java 7 Update 13 to address two vulnerabilities in its software, one of which was being exploited in the wild.
CVE-2016-0636, which affected Oracle Java SE 7u97, 8u73 and 8u74, scored 9.3 on the CVSS 2.0 scale. In this CPU, Oracle reminded affected users to apply the fixes if they haven’t already done so.
Java Network Launch Protocol (JNLP) files are used to launch applications from a hosted web server on a remote desktop client. Software such as Java Plug-in and Java Web Start programs use JNLP ...
Two of the critical flaws, in Java’s 2D component (CVE-2016-0494) and in Java’s AWT (CVE-2015-8126), can only be exploited through sandboxed Java Web Start applications and Java applets.
For this, Oracle will allow system administrators to set up custom deployment rule sets and exception site lists to allow Java applets and Java Web Start applications signed with MD5 to run.
Recently, several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking of sensitive data to log files, denial of service, or bypass of ...