Oracle warns that macOS 14.4 update breaks Java on Apple CPUs
Oracle warned Apple customers to delay installing the latest macOS 14.4 Sonoma update because it will break Java on ARM-based Macs. [...]
Java is a programming language and runtime platform whose libraries and frameworks require secure configuration and timely patches to reduce vulnerabilities.
Search across headline titles and summaries.
Background for this topic.
Java is a class-based programming language and runtime ecosystem centered on the Java Virtual Machine (JVM), which executes compiled bytecode across operating systems. It powers server applications, desktop tools, and embedded software. A Java deployment commonly includes the JDK or runtime, application frameworks, third-party libraries, and build components; each layer can introduce security-relevant behavior or vulnerabilities.
Security issues may affect the JVM itself, bundled libraries, or application code. Untrusted Java deserialization, unsafe class loading, injection flaws, and incorrect TLS or cryptography configuration can create exploitable paths when present in a particular application. Defenders should inventory the exact JDK and dependencies, monitor applicable advisories, remove unnecessary components, and test and apply updates. Code review and testing should specifically examine deserialization and other handling of untrusted input rather than assuming the language’s security APIs make applications safe by default.
Weekly headline count for the current query.
Oracle warned Apple customers to delay installing the latest macOS 14.4 Sonoma update because it will break Java on ARM-based Macs. [...]
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added CVE-2022-36537 to its "Known Exploited Vulnerabilities Catalog" after threat actors began actively exploiting the remote code execution (RCE) flaw in attacks. [...]
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical severity Java deserialization vulnerability affecting multiple Zoho ManageEngine products to its catalog of bugs exploited in the wild. [...]
Amazon Web Services (AWS) has fixed four security issues in its hot patch from December that addressed the critical Log4Shell vulnerability (CVE-2021-44228) affecting cloud or on-premise environments running Java applications with a vulnerable version of the Log4j logging library or containers. [...]
A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell' has been publicly disclosed, allowing unauthenticated remote code execution on applications. [...]