Security News

A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible...

The benefits of using Java alternatives such as Azul might include cost optimisation, higher performance and vulnerability management.

Oracle warned Apple customers to delay installing the latest macOS 14.4 Sonoma update because it will break Java on ARM-based Macs. According to Garcia-Ribeyro, since the Java Virtual Machine uses dynamic code generation and accesses memory in protected memory regions to ensure correctness and performance, its process will be terminated after deploying the macOS 14.4 update.

Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack method called MavenGate. "Access to...

An overwhelming 98% of all the businesses surveyed use Java in their software applications or infrastructure, and 57% of those organizations indicate that Java is the backbone of most of their applications, according to Azul. 82% of respondents using Oracle Java said they are concerned about the new Java SE Universal subscription pricing introduced in January.

The U.S. Cybersecurity & Infrastructure Security Agency has added CVE-2022-36537 to its "Known Exploited Vulnerabilities Catalog" after threat actors began actively exploiting the remote code execution flaw in attacks. CVE-2022-36537 is a high-severity flaw impacting the ZK Framework versions 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1, enabling attackers to access sensitive information by sending a specially crafted POST request to the AuUploader component.

The U.S. Cybersecurity and Infrastructure Security Agency has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities catalog based on evidence of active exploitation. Tracked as CVE-2022-36537, the issue impacts ZK Framework versions 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2, and 8.6.4.1, and allows threat actors to retrieve sensitive information via specially crafted requests.

CI Fuzz CLI, the open-source Command-Line Interface tool from Code Intelligence, now allows Java developers to easily incorporate fuzz testing into their existing JUnit setup to find functional bugs and security vulnerabilities at scale. CI Fuzz CLI, available on GitHub, leverages genetic and evolutionary algorithms and automated instrumentation to dynamically generate millions of unusual inputs to test Java applications for unexpected behaviors that may lead to crashes, DoS or zero-day exploits.

A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. "The vulnerability is found in the Dev UI Config Editor, which is vulnerable to drive-by localhost attacks that could lead to remote-code execution," Contrast Security researcher Joseph Beeton, who reported the bug, said in a write-up.

A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. "The vulnerability is found in the Dev UI Config Editor, which is vulnerable to drive-by localhost attacks that could lead to remote-code execution," Contrast Security researcher Joseph Beeton, who reported the bug, said in a write-up.