UPDATED 01:07 EDT / AUGUST 31 2012


Oracle Belatedly Issues Java Security Fix, But Is It Enough?

Oracle has just issued an urgent fix to seal a dangerous security flaw within its Java software that’s left thousands of computers wide open to malicious attacks from hackers. The update follows revelations that Oracle actually knew about the vulnerability several months before it was first reported in the media.

VentureBeat explained that the patch addresses a gaping hole in the security of Java 7, one so big that any Apple computer that has the vulnerable version of Java installed on it could easily be infected with malware, simply from browsing hacked websites.

The update has been released as an emergency update for Java 7, bringing it up to version 7. Originally, Oracle hadn’t planned to roll out any more updates until October.

Oracle no doubt thought that by releasing the patch now and appearing to move swiftly to close the vulnerability, it would demonstrate how seriously it takes such security threats. However, it’s been revealed that the company isn’t as quick off the mark as perhaps it would like people to believe. The Polish research firm Security Explorations yesterday claimed that it had warned Oracle of the vulnerability – as well as 30 other security flaws – as long ago as April of this year. So far, it’s not clear how many of those vulnerabilities have been addressed in Java’s latest patch.

Adam Gowdiak, CEO of Security Explorations, explained to UK website The Register:

“We … expected that the most serious of them would be fixed by June 2012 Java CPU. But it didn’t happen and Oracle left many issues unpatched with plans to address them in the next Java [updates].”

It appears that Oracle has been caught with its pants down – if Security Explorations’ claims are true, then it will raise questions about the integrity of a software publisher that only takes action when it’s been shamed into doing so.

Oracle’s case hasn’t been helped by the fact that even now it seems to underestimate the dangerous nature of the problem. Despite several experts warning users to “disable Java immediately”, the security patch was released in a very low-key manner, with nothing more than an obscure post made to the notes section of its website, and no press release or big announcement to the media.

Even worse, Forbes is reporting that even the patch itself may be questionable, claiming that Java is plagued with dozens of persistent bugs that could easily provide hackers with an avenue to circumvent it.

With so many uncertainties surrounding Java at the moment, I’d fully recommend that those who don’t need the software uninstall it from their system now. What with Java being littered with bugs, and Oracle acting like they don’t have millions of customers, the risks heavily outweigh the benefits for those who rarely use the program.

For those who do need it, it’s possible to reduce the risk by simply disabling the plugin when browsing sites that don’t require Java. Click here to learn how to disable Java in your browser, or if you don’t know whether or not you have Java installed, visit Java.com and click “Do I have Java?” below the main download to find out.

You can download the latest update for the Mac and Linux versions of Java here, while Windows users can do the same by going to the Windows Control Panel and clicking Java > Update > Update Now.

Users are highly recommended to update Java right away if they plan on using the software, as the vulnerability has been shown to exist in all versions of Java 7, from version 1 to version 6.

