News

A new Java exploit was discovered yesterday that bypasses the Java security model using clever social engineering that takes advantage of weak security settings in the Java security control panel.
Oracle issued a security update for the CVE-2013-0422 vulnerability that included a change in Java's Security Level setting from "Medium" to "High" so users would be prompted before allowing an ...
A new Java 0-day vulnerability is being exploited in the wild. If you use Java, you can either uninstall/disable the plugin to protect your computer or set your security settings to “High” and ...
New vulnerabilities and flaws in Java are so common and frequent that it is difficult to keep pace. Less than two weeks ago it was revealed that the Java sandbox could be bypassed; now it is disclosed ...
JDK 22 adds 10 new root CA certificates, a new asymmetric key interface, and a -XshowSettings option for displaying security settings. In a March 20 blog post on Oracle’s inside.java web page ...
I am trying to learn Java using the JDK I downloaded from the Sun site. I got a book and am following tutorials. I use a Windows XP SP1 box at home and a user with admin privileges. I began writing ...
An Oracle blog post documenting the Java security settings doesn't clarify, and Oracle representatives didn't respond to an e-mail seeking comment for this post. Sadly, an e-mail sent to 13 valid ...
A new flaw identified in Java creates serious security risks for everyone. We recommend immediate action to protect yourself.
Security researchers spot malware masquerading as a Java security update. Users urged to download Java updates directly from Oracle.
A new exploit for a previously unknown and unpatched Java vulnerability is being actively used by attackers to infect computers with malware, according to researchers from security firm FireEye.
New Java Zero-day Flaws uncovered by Security Explorations, a Poland-based vulnerability research firm, can be used by an attacker to execute code on a victim's computer.