Oracle patches serious Java flaw

Nicole Kobie August 31, 2012

Oracle has patched a major flaw in Java that had security experts warning users to delete it from their computers.

Oracle patches serious Java flaw

On Sunday, researchers at FireEye reported they had uncovered a serious hole in Java, with senior staff scientist Atif Mushtaq telling PC Pro that it “is a very serious issue and it needs to be addressed as soon as possible”.

While issuing a patch a few days after it being discovered may seem quick action, it was enough time for the exploit to be worked into a major malware toolkit. Plus, another research firm, Security Explorations, said it reported the vulnerability to Oracle months ago – with no response.

Find out more

FireEye reveals how it discovered the Java flaw

Oracle did not acknowledge the problem until late last night, but did reference the security reports as it rolled out an out-of-cycle upgrade to Java, ranking three of the four flaws it addressed as top-level threats.

“Due to the high severity of these vulnerabilities, Oracle recommends that customers apply this Security Alert as soon as possible,” software security assurance director Eric Maurice said in a Oracle blog post. “Furthermore, note that the technical details of these vulnerabilities are widely available on the internet and Oracle has received external reports that these vulnerabilities are being actively exploited in the wild.”

Chester Wisniewski, senior security advisor at Sophos, noted that the update also included patches for previously unknown flaws, suggesting those vulnerabilities may also already be in use by hackers.

“The good news is customers who require Java in their environments can now deploy an official fix and proceed with less risk,” he added in a blog post. “The bad news is one of the fixes they shipped out affects Java 6, so everyone needs to patch, not just those who were running Java 7.”

He added that it’s still a wise move to delete Java from your machine, if you don’t actually use it. “If you can get by without it, you should,” Wisniewski said. “That is true for any application that interfaces with the internet. Fewer programs means fewer vulnerabilities.”

The Java update can be downloaded here.

Send Email

Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.

You may also like
How to Find out Who an Unknown Caller Is
How To Find out Who an Unknown Caller Is

Evan Gower September 19, 2023

Amazon Prime Windows 10 App
How to Remove Your History and Watchlist from Amazon Prime Video

Steve Larner September 19, 2023

Facebook How to Make Profile Private
How to Make Your Profile Private On Facebook

Evan Gower September 19, 2023

Send To Someone

Missing Device

    Todays Highlights
    How to Change the Location on a FireStick

    Lee Stanton April 1, 2023

    How to See Google Search History
    How to View Your Google Search History

    Steve Larner March 7, 2023

    How to Change Your User Name in Zoom

    Lee Stanton August 23, 2022

    How to Use Inspect Element

    Lee Stanton August 16, 2022

    how to download photos from google photos
    How to Download Photos from Google Photos

    Cassandra McBride December 3, 2022

    How to Change Your Username on Fortnite

    Lee Stanton February 20, 2023