Java Causing Problems Again: This Time Mozilla and Apple Take Action
Java is fast becoming the one thing on the internet no one wants to touch, and a thorn in Oracle’s side. A few weeks ago a Java update caused some minor damage and exposed a few people’s computers to a vulnerability, one that Oracle took too long to fix and that prompted Apple to block the software entirely from its Safari browser and several versions of iOS. At the time Oracle took corrective steps and issued a patch. After that scare many felt that Oracle would have tidied things up for good, but no such luck.
This time it’s Mozilla sounding the alarm. The Firefox developer recently announced that several versions of Java were unstable, compromised and thus not fit to be a part of Firefox; all have been blocked. The affected versions, according to Mozilla, are Java 7 Update 9, Java 7 Update 10, Java 6 Update 37, and Java 6 Update 38.
Apparently those versions of Java have a vulnerability that lets hackers execute malicious code on a user’s computer, and both Mozilla and Apple have taken steps to make sure that their users do not fall victim. Mozilla issued a statement explaining what the vulnerability entails and what exactly the block affects:
The Click To Play feature ensures that the Java plugin will not load unless a user specifically clicks to enable the plugin. This protects users against drive-by exploitation, one of the most common exploit techniques used to compromise vulnerable users. Click To Play also allows users to enable the Java plugin on a per-site basis if they absolutely need the Java plugin for the site.
Oracle’s black eye
Many developers and future-oriented programmers have long castigated Java as an antiquated platform for building anything. Despite this, Oracle has managed to get pretty much any bit of software that requires cross-platform functionality and deployment to work in a seamless manner. Indeed, many programs being sold for hundreds of dollars wouldn’t have the success they do without Java.
From that perspective, the run-time environment has been a huge facilitator on the internet and in software development in general. The trouble, though, is that Oracle hasn’t really changed Java at its core, and the web is now where most of the action is.
Today people are building web applications to do what standalone software used to do, and Java simply doesn’t afford the level of security needed by this new breed of applications. It isn’t hard to imagine, then, that just as HTML 5 has signaled the demise of Flash, something more robust and secure will eventually kill off Java.
If that happens, Oracle will have no one to blame but itself, since as a company it has more than enough resources to make Java work better and be more secure. The constant exploits and vulnerabilities seem to be systemic, and when Oracle does release a patch it is obvious that it’s more of a band-aid than a permanent solution.
I think we can start holding a vigil for Java. What do you think, can it be saved? Share your thoughts below.