Threat Post

Java Code Repository Riddled with Hidden Log4j Bugs; Here’s Where to Look

There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits. There’s an enormous amount of software vulnerable to ...
ZDNet

Apple fixes months-old Java bug

Apple has issued a patch for Mac OS X that fixes a serious Java security flaw publicly disclosed six months ago, following criticism from security researchers. The vulnerability affects a number of ...
Macworld

Oracle warns: Java users should hold off on updating to macOS Sonoma 14.4

Apple released macOS 14.4 nearly two weeks ago, but if you haven’t yet installed it, you might want to hold off. Oracle recently posted on its Java blog that Java processes on Macs running macOS ...
eWeek

Critical Java Bug Targets Java Virtual Machine

A highly critical vulnerability in Sun Microsystems Inc.s Java plug-in has been discovered by a Finnish security consultant. The vulnerability could potentially allow a Web page to turn off Javas ...
CSOonline

Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps

The vulnerability affects not only Java-based applications and services that use the library directly, but also many other popular Java components and development frameworks that rely on it. Attackers ...
PC World

Nifty Java Bug Could Lead to Attack

A Google researcher has published details of a Java virtual machine bug that could be used to run unauthorized programs on a computer. The attack was disclosed Friday by Google’s Tavis Ormandy, who ...