ZDNet

Java zero-day malware 'was signed with certificates stolen from security vendor'

Malware used in a zero-day Java exploit was signed with certificates stolen from a security firm, researchers have found. The editions of Java targeted by the malware, Java 6 Update 41 and Java 7 ...
Computerworld

Java 7 Update 25 fixes 40 security issues, turns on certificate revocation checking

Oracle addressed 40 security issues in Java and enabled online certificate revocation checking by default in its scheduled critical patch update for Java on Tuesday. Thirty-four vulnerabilities ...
Threat Post

Oracle Patches 42 Java Flaws, Adds New Code-Signing Restrictions and Warnings

The latest Java update released Tuesday includes new prompts warning users of potentially malicious applets, in addition to patches for 42 vulnerabilities, all but three of which are remotely ...
InfoWorld

Oracle to Java devs: Stop signing JAR files with MD5

Starting in April, Oracle will treat JAR files signed with the MD5 hashing algorithm as if they were unsigned, which means modern releases of the Java Runtime Environment (JRE) will block those JAR ...
Threat Post

Java’s Losing Security Legacy

Java’s code-signing requirements have proven to be a bust, security researchers say, and now even longtime developers are losing faith in the programming language. Why would a software company require ...