Oracle Corp to fix Java security flaw 'shortly'

by Hilbert Hagedoorn on: 01/14/2013 08:55 AM | source: | 1 comment(s)

Oracle Corp said it is preparing an update to address a flaw in its widely used Java software after the U.S. Department of Homeland Security urged computer users to disable the program in web browsers because criminal hackers are exploiting a security bug to attack PCs. "A fix will be available shortly," the company said in a statement released late on Friday.

The Department of Homeland Security and computer security experts said on Thursday that hackers figured out how to exploit the bug in a version of Java used with Internet browsers to install malicious software on PCs. That has enabled them to commit crimes from identity theft to making an infected computer part of an ad-hoc computer network that can be used to attack websites.

Veeshush
Senior Member

Posts: 1095
Joined: 2010-11-28

#4500577 Posted on: 01/14/2013 07:58 PM

Update is out.

http://krebsonsecurity.com/2013/01/oracle-ships-critical-security-update-for-java/

"Also, it seems malware writers are constantly finding new zero-day vulnerabilities in Java, and I would not be surprised to see this zero-day situation repeat itself in a month or so. Also, most users who have Java installed can get by just fine without it (businesses often have mission-critical operations that rely on Java)."

Basically, to treat it like "oh the plugin is safe again! PATCH IS OUT!" is a really false sense of security. The only good thing about this latest update is “The default security level for Java applets and web start applications has been increased from “Medium” to “High”.

Post New Comment

Click here to post a comment for this news story on the message forum.