Oracle Releases Emergency Fix for Java Software Flaw, but Security Threats Remain
Oracle promised a fix for the security vulnerability in its Java software on Saturday and, keeping its word, the enterprise software giant released Java 7, Update 11 to address the massive security flaw on Sunday. However, experts said that the emergency fix fails to provide 100 percent protection from hackers.
The updated version can be downloaded from the Oracle website, and the company recommends that all Java 7 users update immediately to the new version to prevent potential security breaches. Oracle, in its release note, said the update includes fixes for security vulnerabilities, and the Oracle Security Alert for CVE-2013-0422 explained in detail the issues the new update would fix.
Oracle raised the default Java Security Level for the software from "Medium" to "High". As a result, users will be prompted before any unsigned Java applet or Java Web Start application is run. "This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed, applets and web start applications would continue to run as always. With the 'High' setting the user is always warned before any unsigned application is run to prevent silent exploitation," Oracle explained.
The critical security hole was first noticed by a European security researcher who blogs under the name Kafeine. The security flaw, which could permit an unauthenticated attacker to execute arbitrary code on targeted PCs, was then widely reported. A zero-day Trojan horse called Mal/JavaJar-B was discovered to be exploiting a vulnerability in Oracle's Java 7, and it was found that it could even affect the latest version of the runtime (7u10).
Underlining the potential threat, the U.S. Department of Homeland Security's Computer Emergency Readiness Team (CERT) urged users to disable Java in their Web browsers. However, the threat remains far from over. The CERT warned that "unless it is absolutely necessary to run Java in web browsers, disable it, even after updating to 7u11".