Security storm brewing for Oracle Java-powered smart cards

Bug hunters say Oracle's Java Card platform is host to a dozen and a half security flaws that could place smart-cards and similar embedded devices using the tech at risk of hijacking. Adam Gowdiak, CEO of Security Explorations, said he and his team discovered and privately reported the vulnerabilities to Oracle and smart-card hardware biz Gemalto. Designed for things like SIM cards, payment cards, and other embedded tech, Java Card lets snippets of code, dubbed applets, run within a small memory footprint on cards and similar gadgets using the minimal processing power available in the widgets.