Menu
Oracle is planning to kill an attacker's favorite: the Java browser plug-in

Oracle is planning to kill an attacker's favorite: the Java browser plug-in

The browser plug-in will be retired in Java 9, but older versions will likely linger on for years

Oracle will retire the Java browser plug-in, frequently the target of Web-based exploits, about a year from now. Remnants, however, will likely linger long after that.

"Oracle plans to deprecate the Java browser plugin in JDK 9," the Java Platform Group said in a blog post Wednesday. "This technology will be removed from the Oracle JDK and JRE in a future Java SE release."

The Java Development Kit (JDK) 9, the reference implementation for the next version of Java SE, is expected to reach general availability in March 2017. By then, however, most modern browsers will no longer accept the Java browser plug-in anyway.

Mozilla announced in October that it plans to remove support for plug-ins in Firefox by the end of 2016. Chrome disabled support in September for plug-ins that, like Java and Silverlight, use the old Netscape Plugin Application Programming Interface (NPAPI) standard. Microsoft's Edge browser doesn't support plug-ins either.

With Internet Explorer and Safari the only browsers set to still accept traditional NPAPI plug-ins after 2016, Oracle is pretty much forced into this decision, even though Chrome does support a new plug-in technology called PPAPI (Pepper Plug-in API).

"Oracle does not plan to provide additional browser-specific plugins as such plugins would require application developers to write browser-specific applets for each browser they wish to support," the company said in a white paper that outlines migration options for developers. "Moreover, without a cross-browser API, Oracle would only be able to offer a subset of the required functionality, different from one browser to the next, impacting both application developers and users."

The main alternative proposed by the company is to switch from Java Applets to Java Web Start applications. This type of application can be launched from the Web without the need for a browser plug-in.

From a security perspective though, Java Web Start applications can be used as an attack vector for exploiting vulnerabilities in the Java runtime, just like Applets.

Even after the Java plug-in is retired, it's likely that many computers will continue to have it installed for years to come. This is especially true in business environments where custom built Web-based Java applications are common and cannot be easily replaced or rewritten.

Even now, for application compatibility reasons, there's a large number of computers in business environments that continue to use Java 6 or Java 7, versions that no longer receive public security updates.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

Ingram Micro completed its nationwide roadshow in Auckland last month, kicking off its Innovation Hour series with Hewlett Packard Enterprise. Uncovering the latest in storage, networking and servers, the event outlined key market trends for resellers in 2016 and beyond.

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise
IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

FireEye welcomed 143 channel partners and distributors to FireEye's 2016 annual Partner Conference, FireEye A/NZ Momentum - held at Establishment in Sydney. Delegates heard from senior trans-Tasman channel leaders, marketing and the product divisions in the morning, with FireEye customers, incident responders and threat intelligence analysts sharing knowledge during the afternoon.

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference
​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

With New Zealand businesses now open to innovation, the industry sits on the cusp of significant disruption in the data centre. Driven by software-defined networking, the future of the data centre is fast becoming reality, as the channel seeks to keep up, keep innovating and keep growing. APC by Schneider Electric, Lenovo and key partners outlined how the channel can capitalise at The Grill restaurant in Auckland.

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​
Show Comments