Press Release

Researchers of Fraunhofer IEM, Paderborn University, Fraunhofer SIT and TU Darmstadt have just released an in-depth study of more than ten years of security exploitation of the Java Runtime Environment. Today, Java is literally deployed on billions of devices including servers, desktops, tablets and mobile phones. This makes the Java runtime both one of the most important IT infrastructures as well as a very worthwhile target for attackers. In 2013 and 2014, Java was the number one attack vector for cyber criminals.

In their study, the security researchers have gathered 87 different Java exploits from the internet and dark net. They span a time frame of more than 10 years. An exploit is a malware that takes advantage of a bug or vulnerability in a software system. The research team then tested, simplified and normalized the exploits to find their commonalities and differences. This then allowed for a fine-grained classification of exploits, revealing the most prominent attack vectors and weaknesses in Java. The study thus will help guide future efforts to harden Java against security attacks.

The study is available for download [HERE] and will be presented at the 23rd ACM Conference on Computer and Communications Security (CCS) in October in Vienna. CCS is the flagship conference of the Special Interest Group on Security, Audit and Control (SIGSAC) of the Association for Computing Machinery (ACM).The conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results. CCS is highly selective: it frequently receives over 600 submissions, only few of which get accepted for publication.