A cross-platform trojan that can attack three different operating systems using Java has been found. Write once, run everywhere works for writers of malware except they need a different payload for different OS.
The idea of Java is great but it’s about time the holes in it were closed. Open-sourcing happened years ago. There’s no excuse for allowing Java, essentially, to be a “trojan-trojan” for malware.
Java still makes sense for applications but allowing/widely using downloads of Java applications is a questionable practice since the language is so easily abused. It’s not just Java. Several other programming languages have similar problems.
A search for vulnerabilities for Pascal gives No results found for site:mitre.org “weaknesses of software written in Pascal”. This is another example of the KISS principle (Keep It Simple, Stupid). Throwing everything into a programming language increases the number of holes and we don’t need holes.