Are the recent vulnerabilities to Java also a threat to Android systems which are primarily programmed in Java? I've already disabled and uninstalled Java from my computer as many people are recommending to protect from these exploits. Should I also be concerned about my Android device? Lastly, does this affect programming in Java and/ or for Android devices?
Thanks
They don't.
The recent Java vulnerabilities only cover scenarios where you run Java in an applet context and only concern Oracle's JVM. The context of an applet is restricted and has certain privileges, and these recent vulnerabilities circumvent these privileges to gain higher ones, namely, the full privileges of the user running your browser, instead of the privileges granted by the plugin's security context.
In Android, the JVM already has access to everything the running user has access to (and the same goes for application servers, save for a more restricted policy), so you don't have to worry about it.
I don't know much about the details of this particular vulnerability but it's worth noting that Android doesn't use Oracle's JVM, it uses Dalvik, which is a very different VM with a different architecture. It can't even run standard Java bytecode without it being converted first.
Given the differences between the VMs and the fact that there shouldn't be any common code, an exploit for one is highly unlikely to be valid for the other.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With