Java : JNI usage

Overview

Java Native Interface (JNI) is the standard mechanism for calling native code from a Java virtual machine (JVM).

When JNI is used incorrectly, application security may be at risk due to vulnerabilities in the called native code.

For example, if the application uses JNI to call C code that relies on unsafe functions (e.g., gets()), it is vulnerable to buffer overflow, even though the Java language itself is protected from such vulnerabilities. This protection does not extend to code called through JNI.
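The following added example (not from the original page or from DerScanner) shows the unsafe gets() call as a comment beside a bounded replacement that native code reached through JNI could use instead. The helper name read_line_bounded and the sample input are assumptions, and the JNI glue is omitted so the file builds without JDK headers.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Unsafe form the page warns about (comment only; gets() was removed in C11):
 *     char name[16];
 *     gets(name);   // no bound: a line longer than 15 bytes overruns name
 */

/* Bounded replacement (hypothetical helper name). Reads one line from `in`
 * into dst[cap]. Returns the stored length, -1 on EOF/error/bad arguments,
 * or -2 when the line does not fit; the rest of that line is then discarded
 * and dst is emptied, so the caller never sees a silently truncated value. */
int read_line_bounded(FILE *in, char *dst, size_t cap)
{
    if (in == NULL || dst == NULL || cap < 2 || cap > (size_t)INT_MAX)
        return -1;
    if (fgets(dst, (int)cap, in) == NULL)
        return -1;
    size_t n = strlen(dst);
    if (n > 0 && dst[n - 1] == '\n') {   /* whole line fit: strip newline */
        dst[--n] = '\0';
        return (int)n;
    }
    int c = fgetc(in);                   /* what follows the stored bytes? */
    if (c == EOF || c == '\n')           /* last line, or line fit exactly */
        return (int)n;
    while ((c = fgetc(in)) != '\n' && c != EOF)
        ;                                /* drain the oversized line */
    dst[0] = '\0';
    return -2;
}

int main(void)
{
    /* Constructed input: one short line, one oversized line, one short line. */
    FILE *in = tmpfile();
    if (in == NULL)
        return 1;
    fputs("alice\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nbob\n", in);
    rewind(in);
    char name[16] = "";
    for (int i = 0; i < 3; i++) {
        int rc = read_line_bounded(in, name, sizeof name);
        printf("rc=%d name=\"%s\"\n", rc, name);
    }
    fclose(in);
    return 0;
}
```

The distinct -2 return lets the calling layer reject oversized input explicitly instead of overrunning the buffer or accepting a truncated value.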

Since both Java code and native code called via JNI can create Java objects and share them, vulnerabilities in the native code can lead to errors and vulnerabilities that are harder to detect.

DerScanner Severity Score: MEDIUM
