<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1678611822423757&amp;ev=PageView&amp;noscript=1">

MOVEit 8.3 Helps With Java Browser Vulnerabilities

Ipswitch Blog| March 23 2016

| security

Java browser security issuesOracle estimates that 97% of enterprise desktops run Java, 89% of desktops in the U.S. run Java, and 3 Billion mobile phones run Java.  That market share makes Java a juicy target for cyber criminals. Java in the browser is particularly vulnerable to security threats known as ‘exploit kits.’

Exploit Kits Render Java Insecure

According to Joshua Cannell writing on Malwarebytes Labs, “an exploit kit is a software kit designed to run on web servers, with the purpose of identifying software vulnerabilities in client machines communicating with it, and discovering and exploiting vulnerabilities to upload and execute malicious code on the client.  The exploit kit gathers information on the victim machine, finds vulnerabilities and determines the appropriate exploit, and delivers the exploit, which typically silently drive-by downloads and executes malware.”

Here’s the scary news, “Kits continue to include exploitation of vulnerabilities that were patched years back, as there continues to be a significant population of unpatched machines.”  The good news is you can reduce risk by keeping current with latest patches, but the challenge for you and your users is security fixes for Java, Flash and other browser plugin technology is coming at a dizzying rate.

Moving Away from Java in the Browser

A more practical approach to security is to move away from Java in the browser.  In fact, Oracle recently announced plans to deprecate the Java browser plugin from JDK 9.  Dalibor Topic, principle product manager for Open Java Development Kit, said the following in a January 27, 2016 blog post:

“By late 2015, many browser vendors have either removed or announced timelines for the removal of standards based plugin support, eliminating the ability to embed Flash, Silverlight, Java and other plugin based technologies.

“With modern browser vendors working to restrict and reduce plugin support in their products, developers of applications that rely on the Java browser plugin need to consider alternative options…Oracle plans to deprecate the Java browser plugin in JDK 9. This technology will be removed from the Oracle JDK and JRE in a future Java SE release.”  

Essentially, this means you need to start migrating away from any applications that rely upon Java browser plugins as soon as possible to reduce your organizational risk. This is exactly why we have updated MOVEit File Transfer (DMZ) v8.3 to include a new way to transfer files over the browser.


MOVEit 8.3 Provides Java-Free Security

MOVEit File Transfer (DMZ) v8.3 is generally available as of this week and includes a brand new Javascript file upload wizard. This new wizard provides more secure Java-free file transfers for large files via web browsers.  It also includes system updates, such as support for Outlook 2016 and other updates.  See the release notes for the full set up new features and updates.

Topics: security

Leave a Reply

Your email address will not be published. Required fields are marked *


Free Trials

Getting started has never been easier. Download a trial today.

Download Free Trials

Contact Us

Let us know how we can help you. Focus on what matters. 

Send us a note

Subscribe to our Blog

Let’s stay in touch! Register to receive our blog updates.