Whitelisting feature may help users who can't abandon older, buggy versions.
Oracle has added new features to Java designed to make it harder for hacked or malicious websites to carry out drive-by malware attacks that exploit underlying vulnerabilities in the widely used software framework.
As Ars reported Wednesday, some security experts say the growing prevalence of attack code exploiting flaws that will never be fixed in an older, widely used version is one factor causing the security of Java to take a dangerous turn for the worse. That's largely the result of Oracle's move in April to stop issuing security updates for Java version 6. Many large companies still use the older release because their Java apps don't work on the latest one, putting the enterprises in the difficult position of choosing compatibility over the security of their employee desktop computers. Apple, Facebook, and Twitter are just some of the companies that have experienced breaches in the past year that targeted Java running on employee computers.