The more widely used software is, the bigger the target it becomes for hackers. In the same way that Microsoft’s IE and Adobe’s Flash have been aggressively targeted in the past, Oracle’s Java has become a popular target of hackers for just that reason. A report from the TIOBE Programming community finds that Java is popular: Java was tied with the C programming language as the most popular language used by developers in 2012.
The list of Java exploits and security flaws has multiplied of late, with many of the problems being found with the run-time version of the language used by browser plug-ins.
In early January, the discovery of two ‘zero-day’ Java exploits was announced. A partial patch was released shortly after the announcement, but was criticized by some as not being sufficient to fix the problems.
A little later, in mid-January, Russian security firm Kaspersky Lab announced the discovery of malware that they believe was used as part of a campaign to steal information from high-profile diplomatic, military and government targets in as many as 39 different countries. Most of the incidents occurred in Eastern Europe, but there were also targets in Western Europe and North America. The campaign was dubbed Red October, and some believe that it may have been going on for more than five years. Red October was based in part on security flaws found in earlier unpatched versions of Java. Red October affected smart phones, Cisco network equipment, removable disk drives, Outlook email databases, and FTP servers.
Then, a few days later in January, word began circulating that hackers were selling, for $5000, code that could exploit another unpatched Java flaw.