Java Exploits Used In Zero-Day Attacks Now Patched
Both Adobe and Oracle issued critical updates on Wednesday, Feb. 20, to fix the zero-day security flaws in Java. Two security holes that allowed hackers to break into computers using Adobe Reader and Acrobat were found and fixed.
Zero-day attacks exploit vulnerabilities in an application (in this case, Java) that its developers are not yet aware of. This means that developers have had "zero days" to address and patch the security hole.
The recent consecutive cyber-attacks on employee computers at Twitter, Facebook and Apple made the public aware of the vulnerabilities in Java. Hackers were using the Java exploits to break into machines running Mac and Windows operating systems.
Java SE7 Update 15 and Java 6 Update 41 were released by Oracle to repair the security holes found on Windows machines. Users can find out if Java is installed on their system simply by visiting Java.com and selecting the "Do I have Java" link. Existing users can update Java via the Java Control Panel by selecting the "Update Now" button from the Update tab.
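For administrators who need to check many machines rather than click through Java.com, the following added example (not from this article or from Oracle) compares the banner printed by `java -version` against the two patched update levels named above. It assumes the legacy `1.<family>.0_<update>` version string; the function names and sample banners are constructed for illustration.

```python
import re
import subprocess

# Patched update levels named in the article, keyed by Java family.
PATCHED = {7: 15, 6: 41}

# Legacy banner format, e.g.: java version "1.7.0_13"
VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?')

def parse_java_version(banner):
    """Return (family, update) from `java -version` output, or None."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    # A banner without "_NN" is the initial release, i.e. update 0.
    return int(m.group(1)), int(m.group(2) or 0)

def assess(banner):
    """Classify a banner against the article's patched baselines."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unparsed"
    family, update = parsed
    baseline = PATCHED.get(family)
    if baseline is None:
        return "no-baseline"  # family not covered by the article
    return "patched" if update >= baseline else "outdated"

def installed_banner():
    """Return the local `java -version` banner, or None if Java is absent."""
    try:
        # The JVM writes its version banner to stderr, not stdout.
        result = subprocess.run(["java", "-version"],
                                capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return result.stderr

if __name__ == "__main__":
    # Constructed sample banners, followed by the local install if any.
    samples = ['java version "1.7.0_13"', 'java version "1.6.0_41"']
    local = installed_banner()
    if local:
        samples.append(local)
    for banner in samples:
        print(banner.splitlines()[0], "->", assess(banner))
```

A result of "no-baseline" means the installed family is one the article gives no patched level for, so it cannot be judged from these two numbers alone.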
Adobe issued updates that bring Reader XI and Acrobat XI to version 11.0.02 and Reader X and Acrobat X to version 10.1.6 on both Mac and Windows machines. For Linux, the new version number for Reader and Acrobat is 9.54.
Apple released its own update that not only updates Java, but also disables the Mac OS X system's Java plugin. Apple also released a malware removal tool that should remove various types of malware that were used in the Java exploits.
It's recommended that you remove Java or unplug it from the browser unless you absolutely need to have it. You may also download an additional browser and just designate that browser for use on safe sites that require Java.