Java applications, widely used in mobile games, robots, embedded systems, and business applications, have been scrutinized by European researchers led by Alexandre Bartel, Professor of Software Engineering and Security at Umeå University.
The study, conducted in collaboration with other researchers, reveals critical security flaws in software written in Java, a programming language with a significant global footprint.
“We have identified weaknesses and how they have been addressed. The problem is that the programmers seem to repeat the same mistakes over and over again and therefore reintroduce the vulnerabilities,” Bartel said in a statement.

Security Flaws in Java Applications
The vulnerabilities in focus were related to the deserialization process, wherein packaged information is restored to its previous state. This process, crucial for applications handling user settings, game functions, shopping carts, and banking operations, was found to be susceptible to exploitation.
Deserialization is the process of reconstructing an object or data structure from its serialized form.
Serialization, the opposite of deserialization, refers to the process of converting an object or data structure into a format that can be easily stored, transmitted, or reconstructed. This format is often a stream of bytes.
The researchers emphasize that these weaknesses pose risks to businesses, governments, and public authorities, with the potential for significant financial consequences.
They investigated how Java vulnerabilities, particularly those involving deserialization, are addressed. Bartel points out that the study identifies recurring mistakes made by programmers, leading to the reintroduction of vulnerabilities.
The findings reveal that the stream of bytes carrying the serialized information gives attackers a way to modify that information during deserialization and thereby gain control over the receiving system.
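As an added illustration (not code from the study or from this article), the sketch below shows one standard mitigation for the problem described above: the JDK's ObjectInputFilter, available since Java 9, used as an allowlist so that a byte stream naming any class the application does not expect is rejected. The class names Cart and Unexpected and the sample values are constructed for the example.

```java
import java.io.*;

public class FilteredDeserialization {
    // Constructed sample types: the one class the application expects, and one it does not.
    static class Cart implements Serializable {
        private static final long serialVersionUID = 1L;
        final String owner;
        final int itemCount;
        Cart(String owner, int itemCount) { this.owner = owner; this.itemCount = itemCount; }
    }
    static class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Allowlist: accept Cart, bound graph depth and stream size, reject every other class.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
        "FilteredDeserialization$Cart;maxdepth=5;maxbytes=65536;!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Treats the bytes as untrusted: the filter sees each class descriptor in the
    // stream and can reject it before any object of that class is created.
    static Cart readCart(byte[] untrusted) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            in.setObjectInputFilter(FILTER); // must be set before the first readObject()
            return (Cart) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Cart ok = readCart(serialize(new Cart("alice", 3)));
        System.out.println("accepted: " + ok.owner + ", " + ok.itemCount);
        try {
            readCart(serialize(new Unexpected()));
        } catch (InvalidClassException e) {
            // The stream named a class outside the allowlist.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Without the filter, the cast to Cart would fail only after the unexpected object had already been constructed from the stream, which is too late to serve as a defense.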
Major Companies Affected
The study highlights examples of major organizations affected by these flaws, including PayPal, the San Francisco Department of Transportation, and Equifax. In these cases, the vulnerabilities led to unauthorized access, control over computers, and the theft of a massive amount of personal data, respectively.
“Our findings suggest that the entire supply chain of the developed application should be thoroughly verified throughout the application’s lifecycle. The findings are very serious as they have the potential to be costly, not only for companies but also for society at large,” Bartel noted.
Serialization and deserialization are fundamental computer science processes involving data structure storage and transfer. They also play critical roles in various sectors, such as pharmaceuticals, game development, and the financial industry.
The researchers said they are actively working on developing more efficient methods to detect and prevent these vulnerabilities, aiming to enhance the security of Java applications.
ⓒ 2023 TECHTIMES.com All rights reserved. Do not reproduce without permission.