Android runs on Java amongst other things.

Android's use of Java is special in several ways. First, the Android API differs greatly from the standard Java J2SE and J2ME APIs. Second, the use of the Dalvik VM means that Android packages cannot just be run under desktop operating systems such as Linux, Windows, or ...

Java 0-day Vulnerability

The front page of Slashdot today tells us that another Java 0-day has been found. It works in Metasploit and is being used in the wild. Turn off the Java plugin now! Never turn it back on.

The analysis of this seems to point to the getField function of sun.awt.SunToolkit. See the code below ...

Java 0-day Vulnerability 2

Another Java 0-day vulnerability. It's being exploited in the wild, just like last time. Repeat after me: turn off Java in all your browsers. If you're looking for the weaponized exploit, it is available for download here: Java malware.

Java Applets

The first applets to discover are the Demo Applets. If you have installed the JDK, they can be found in demo/applets. Note that JDK 7 distributes the demos in a separate package. Alphabetically, we can start with Animator example 1. If you want to run it natively instead of in a browser for now, ...

Java Malware

Quequero recently reverse-engineered the RootSmart Android malware; the analysis explains a facet of Android malware.

Dinesh Shetty walks through reverse-engineering a piece of Android malware in Demystifying Android Malware.
