IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Oracle fixing Java issues after security scare
Tue, 15th Jan 2013

Oracle says it is currently fixing the issues surrounding Java, following security problems with the application last week.

The multinational tech corporation was responding to reports by the US Computer Emergency Readiness Team (US-CERT), which issued the following warning about the system:

“Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

"This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits.

"By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.

"The critical security hole, which allows attackers to execute malicious software on a victim’s machine, was quickly exploited in the wild and made available in common exploit kits.

"Later the same day, Apple stepped in to block Java 7 on OS X 10.6 and up to protect Mac users.

"On Friday, we learned the 0-day code would not have worked if Oracle had properly addressed an old vulnerability, according to Security Explorations, the security firm responsible for identifying most of the latest Java vulnerabilities.

"Back in late August 2012, the company informed Oracle about the insecure implementation of the Reflection API, and Oracle released a patch for it in October 2012, but the fix wasn’t a complete one.

"Also on Friday, Mozilla added all recent versions of Java to its Firefox add-on blocklist.

"These include Java 7 Update 9, Java 7 Update 10, Java 6 Update 37, and Java 6 Update 38; older Java versions were already blocklisted due to other vulnerabilities.

"Once Oracle releases Java 7 Update 11, Mac users and Firefox users will once again be able to use the plug-in.

"Unfortunately, since the company still hasn’t provided a date for when that will be, we recommend that regardless of what browser and operating system you’re using, you should uninstall Java if you don’t need it and disable it otherwise.

"If you absolutely must use it, do so in a secondary browser.”

Oracle replied to the statement, telling customers "a fix will be available shortly."
