Oracle released updates to its Java platform to address a significant increase in attacks targeting weaknesses in the ubiquitous programming language. Java vulnerabilities accounted for more than 90 percent of attacks in 2013, according to Kaspersky Lab. Attackers were targeting both zero-day flaws and patched vulnerabilities in the platform, prompting calls from security experts for users to disable it in their browser.
Oracle bolstered its internal incident response and software security processes. The company introduced a variety of restrictions into the software, adding more robust certificate validation and a hardened Java applet container to prevent malicious code from breaking out onto a victim's system. It also separated browser Java from server use, since browser-based Java applets are targeted more often, and made it easier for IT admins to whitelist only the Java applets they need.