Oracle Belatedly Issues Java Security Fix, But Is It Enough?
Oracle has just issued an urgent fix to seal a dangerous security flaw within its Java software that’s left thousands of computers wide open to malicious attacks from hackers. The update follows revelations that Oracle actually knew about the vulnerability several months before it was first reported in the media.
VentureBeat explained that the patch addresses a gaping hole in the security of Java 7, one so big that any Apple computer that has the vulnerable version of Java installed on it could easily be infected with malware, simply from browsing hacked websites.
The update has been released as an emergency update for Java 7, bringing it up to version 7. Originally, Oracle hadn’t planned to roll out any more updates until October.
Oracle no doubt thought that by releasing the patch now and appearing to move swiftly to close the vulnerability, it would demonstrate how seriously it takes such security threats. However, it’s been revealed that the company isn’t as quick off the mark as perhaps it would like people to believe. The Polish research firm Security Explorations yesterday claimed that it had warned Oracle of the vulnerability – as well as 30 other security flaws – as long ago as April of this year. So far, it’s not clear how many of those vulnerabilities have been addressed in Java’s latest patch.
Adam Gowdiak, CEO of Security Explorations, explained to UK website The Register:
“We … expected that the most serious of them would be fixed by June 2012 Java CPU. But it didn’t happen and Oracle left many issues unpatched with plans to address them in the next Java [updates].”
It appears that Oracle has been caught with its pants down – if Security Explorations’ claims are true, then it will raise questions about the integrity of a software publisher that only takes action when it’s been shamed into doing so.
Oracle’s case hasn’t been helped by the fact that even now it seems to underestimate the dangerous nature of the problem. Despite several experts warning users to “disable Java immediately”, the security patch was released in a very low-key manner, with nothing more than an obscure post made to the notes section of its website, and no press release or big announcement to the media.
Even worse, Forbes is reporting that the patch itself may be questionable, claiming that Java is plagued with dozens of persistent bugs that could easily provide hackers with an avenue to circumvent it.
With so many uncertainties surrounding Java at the moment, I’d fully recommend that those who don’t need the software uninstall it from their system now. What with Java being littered with bugs, and Oracle acting like they don’t have millions of customers, the risks heavily outweigh the benefits for those who rarely use the program.
For those who do need it, it’s possible to reduce the risk by simply disabling the plugin when browsing sites that don’t require Java. Click here to learn how to disable Java in your browser, or if you don’t know whether or not you have Java installed, visit Java.com and click “Do I have Java?” below the main download to find out.
You can download the latest update for the Mac and Linux versions of Java here, while Windows users can do the same by going to the Windows Control Panel and clicking Java > Update > Update Now.
Users are strongly advised to update Java right away if they plan on using the software, as the vulnerability has been shown to exist in all versions of Java 7, from version 1 to version 6.