Critical vulnerabilities discovered in Java programming language: What threat do they pose?

December 28, 2023  20:28

Applications written in Java have serious vulnerabilities in the way they restore objects from stored or transmitted data. The vulnerabilities were discovered by software development and security researchers from Umeå University (UMU) in Sweden, and the results of the study were published on the university's official website.

Used by more than 30% of developers worldwide, Java runs a wide range of applications, from video games and streaming services such as Spotify and Netflix to software for space exploration, banking transactions and government systems.

The researchers analyzed Java products that use deserialization, the process of rebuilding an in-memory data structure (an object) from an encoded byte stream. Java applications rely on it for saving and loading user settings, game state, shopping carts in online stores, online bank transfers and many other tasks.

As it turns out, when a Java application deserializes data that an attacker controls, small and common coding mistakes are enough for the attacker to run arbitrary code and gain complete control over the system.

Vulnerabilities of this kind have already been exploited in the 2016 ransomware attack on the San Francisco Municipal Transportation Agency, in attacks that locked up payment terminals, and in the 2017 breach of Equifax, the largest credit reporting agency in the United States, which exposed the personal records of more than 147 million people.

The researchers note that there is currently no easy way to eliminate these vulnerabilities, because many Java applications depend on third-party libraries whose classes can be abused once an untrusted stream is deserialized. The only fully effective defense is to avoid native Java deserialization of untrusted input altogether when developing Java applications. Where that is not possible, a deserialization filter (JEP 290, java.io.ObjectInputFilter, available since Java 9 and backported to 8u121) that rejects every class not on an explicit allow-list sharply reduces what an attacker can reach, although it does not remove the underlying risk.
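The code below is an added example written for this article; it is not code from the Umeå study or from any of the affected products. It shows the unsafe pattern described above (calling ObjectInputStream.readObject() on bytes the caller did not produce) beside a hardened reader that installs a JEP 290 allow-list filter. The UserSettings class, the filter pattern and the use of a plain java.util.HashMap as a stand-in for "a class the application never expected to see" are all assumptions made for the illustration; a real attack would instead embed a gadget chain built from library classes already on the classpath.

```java
import java.io.*;
import java.util.HashMap;

public class DeserializationDemo {

    // Hypothetical: the only type this service ever expects to read back.
    static final class UserSettings implements Serializable {
        private static final long serialVersionUID = 1L;
        final String theme;
        final int fontSize;

        UserSettings(String theme, int fontSize) {
            this.theme = theme;
            this.fontSize = fontSize;
        }

        @Override
        public String toString() {
            return "UserSettings[theme=" + theme + ", fontSize=" + fontSize + "]";
        }
    }

    // Helper that produces the byte stream an application would store or receive.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // VULNERABLE: instantiates whatever class the incoming bytes name.
    // If the bytes came from a user or the network, the attacker chooses the class.
    static Object readUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    // HARDENED: JEP 290 filter (Java 9+). Only the one expected class is allowed,
    // with depth and size limits; the trailing "!*" rejects everything else
    // before any constructor or readObject() method of the foreign class runs.
    static final ObjectInputFilter SETTINGS_ONLY = ObjectInputFilter.Config.createFilter(
            "DeserializationDemo$UserSettings;maxdepth=3;maxbytes=1024;!*");

    static UserSettings readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(SETTINGS_ONLY); // must be set before the first read
            return (UserSettings) ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] legit = serialize(new UserSettings("dark", 14));
        // Constructed "hostile" input: a class the application never asked for.
        byte[] hostile = serialize(new HashMap<String, String>());

        System.out.println("unfiltered legit:   " + readUnfiltered(legit));
        // The unfiltered reader happily builds the unexpected object.
        System.out.println("unfiltered hostile: " + readUnfiltered(hostile).getClass().getName());

        System.out.println("filtered legit:     " + readFiltered(legit));
        try {
            readFiltered(hostile);
            System.out.println("filtered hostile:   accepted (unexpected)");
        } catch (InvalidClassException e) {
            // The filter rejects java.util.HashMap before it is instantiated.
            System.out.println("filtered hostile:   rejected (" + e.getMessage() + ")");
        }
    }
}
```

Run it with `java DeserializationDemo.java` on Java 11 or later. The unfiltered reader returns a java.util.HashMap it was never meant to build; the filtered reader throws InvalidClassException for the same bytes while still accepting the legitimate UserSettings stream. An allow-list like this limits the classes an attacker can reach, but it is a mitigation, not a substitute for keeping untrusted data away from native deserialization.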
