UPDATED 11:45 EDT / JANUARY 15 2013

NEWS

Oracle Patches Java Zero Day Vulnerability but Is It Enough?

Over the past few months, Java has earned itself the reputation of ‘vulnerable’ as the most of the recent Java updates are vulnerable to exploits in one or other ways. Earlier last week, another vulnerability was discovered that was being widely exploited online, as it was included in several crime kits, including Blackhole and Cool Exploit.

Following the discovery of this exploit, Oracle released a patch to fix the issue, the way it always does. But the irony is that, experts are doubtful about its effectiveness:

“This fix is available now as Java 7u11 and anyone who uses Java in their browser should update immediately,” Ross Barrett, Senior Manager of Security Engineering at Rapid7 said in an emailed statement. “This fix also changes the default Java browser security settings to require user consent to execute Java applets which are not digitally signed, or are self-signed. This indicates that Oracle has made a minor concession against ease-of-use to try to protect users from the *next* time a Java vulnerability is exploited in the wild.”

Just like most Java vulnerabilities, this one too opens the floodgates for attackers because Java itself is cross-platform. Thus, with a little work, the same vulnerability can be used to target Windows systems, Mac OS X, and Linux at the same time.

Back in August last year, Oracle issued an urgent fix to seal a dangerous security flaw within its Java software that’s left thousands of computers wide open to malicious attacks from hackers. But what’s bad about this is that despite several experts warning users to “disable Java immediately”, the security patch was released in a very low-key manner, with nothing more than an obscure post made to the notes section of its website, with no press release or no big announcement to the media.

So, with so many uncertainties surrounding Java, we again recommend that those who don’t need the software uninstall it from their system now, or at least do it carefully.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU