Integrations Journal

 

 



Oracle Java 7 Update 11 Fixes Major Security Holes


Written by  Harpreet | 14 January 2013

Last week has been a hard one for Java. The US Department of Homeland Security issued warnings to users that they should consider disabling or even completely uninstalling Java software on their computers. The warnings came after security experts informed the department that millions of users, both businesses and consumers, were left wide open to a serious vulnerability discovered in Java software. The vulnerability allowed hackers to push ransomware to affected users.

Apple joined in by remotely disabling the Java 7 plug-in on its Mac computers. Apple's computers do not include Java out of the box, which ensures that a majority of Apple customers won't be affected by the vulnerability, but the Cupertino-based company went ahead to secure Java users on Mac. Reportedly the issue applies to all versions of Java between 4 and 7. Mozilla followed up with an announcement that it has added all recent versions of Java to the add-on blacklist in its Firefox web browser. Oracle announced that it will patch the vulnerability very soon.

The weakness in Java software allowed hackers to install malicious software on computers to enable identity theft. Hackers could even exploit the vulnerability to include affected systems in a collective botnet to bring networks down or to run denial-of-service attacks against websites. According to the Computer Emergency Readiness Team (CERT), exploit code was openly available for anyone to access and deploy.

On Sunday, Oracle finally released an update to address the security vulnerability. Java 7 Update 11 can be downloaded from Oracle's website. If you're a Java user, it is highly recommended that you update as soon as possible. The new update fixes two main vulnerabilities discovered last week. The update also changes the default Java Security Level setting to High instead of Medium. Users will now be prompted before running any unsigned Java applet or Java Web Start application.

The update should be good enough to address the concerns raised by the US Department of Homeland Security for now. This isn't the first time a major vulnerability has been discovered and exploited in Java. The security firm Security Explorations, which covered the latest vulnerabilities, declared that the newly discovered issue wouldn't have cropped up if Oracle had addressed an old security vulnerability. The company had discovered a loophole back in August 2012 and reported it to Oracle. Reportedly Oracle did issue a fix, but it wasn't complete.

After the current update, users should be able to use Java software on their computer systems. Apple and Mozilla will allow the latest update to run on users’ computer systems.

[Source: PR/Blogs]

Harpreet


Harpreet is a technology journalist based in India. He currently writes on Mobile, Technology and Startups. He is an avid reader and a passionate writer. Prior to ToolsJournal, Harpreet used to write for a major English news daily.
