IT Brief New Zealand - Technology news for CIOs & IT decision-makers
New Zealand
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
internet of things
#
work from home
Search
Story image
#
Web Development
#
AlienVault
#
Development
Oracle preparing Java statement in wake of accusations
Thu, 30th Aug 2012
FYI, this story is more than a year old
By Staff Writer
Follow us

Oracle is expected to comment on the Java software security breach as researchers claim they knew about vulnerabilities since April.

The Java software security scare caused many industry experts to urge users to disable the software in their browsers after becoming open to indefensible hacker attacks.

Oracle initially declined to comment on the security scare but a spokesperson for the company believes advice is on the way as security researchers claim the company knew since April about the existence of two unlatched Java 7 vulnerabilities.

According to Computer World, Adam Gowdiak, the founder and CEO of Polish security firm Security Explorations, says Oracle knew of the problems after his company reported 19 Java 7n security issues on April 2 this year.

The company says it continued to report Java 7 vulnerabilities in the following months with the total number reaching 29.

"We demonstrated 16 full Java SE 7 sandbox compromises with the use of our bugs," Gowdiak says.

"Although we stay in touch with Oracle and the communication process has been quite flawless so far, we don't know why Oracle left so many serious bugs for the Oct. CPU."

The widely installed free software from Oracle opens computers to security threats which experts say are impossible to combat.

While Oracle has yet to comment on the security breach, warnings from Rapid 7, AlienVault and other online security companies advised users to immediately disable Java software with the system currently sitting on 97% of enterprise desktops.

Experts say a flaw in the latest version of Java is allowing a second piece of software called ‘Poison Ivy’ to let hackers gain control of an infected computer and form an attack.

"If exploited, the attacker will be able to perform any action the victim can perform on the victim's machine," said Tod Beardsley, engineering manager Rapid 7.

Computers can get infected without their users' knowledge through visiting any website which has been compromised by hackers.

Rapid7 has set up a web page informing users of the risks.

Related stories
GitLab unveils Duo Chat for simplified AI-powered DevSecOps workflows
SAS Viya Workbench expands data & AI platform's capabilities
DataStax expands strategic partnership with Google Cloud
GitHub reveals new trends in global software development
Neo4j announces native integrations with Google Cloud for GenAI apps
Top stories
Intel reshuffles Asia Pacific leadership to boost business growth
Coalition integrates cyber risk platform with top cloud services providers
Sapia Labs presents 'revolutionary' AI research at SIOP conference
Armis warns of major cyber-attack risk to 2024 global elections
Scality & Ingram Micro partner for market distribution of ARTESCA