Search
Sign in with
Sign up | Sign in
13 comments

Oracle Patches Critical Flaw in Java

By - Source: Oracle

Oracle has reacted to the recent discovery of a critical security issue in Java.

 Java 7 Update 11 patches the vulnerability, as well as a second severe security problem. Oracle said that it "strongly recommends that all Java SE 7 users upgrade to this [new] release".

Oracle confirmed that the vulnerabilities "may be remotely exploitable without authentication". An attacker would not need for a username and password to exploit the issue, but an "unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages these vulnerabilities."

Oracle noted that users who reacted to the vulnerability by disabling Java, will have to still re-enable Java manually following the installation of the patch. Among others, the U.S. government had recommended users of Java 7 Update 10 and before to disable Java. However, at least one security researcher does not believe that Oracle has done enough to enable Java again.

"We don't dare to tell users that it's safe to enable Java again," Adam Gowdiak, a researcher with Poland's Security Explorations, told Reuters. According to Gowdiak, the update does not address several other vulnerabilities.

The issue as well an exploit were first discovered by @kafeine last Friday.

Contact Us for News Tips, Corrections and Feedback

You need to be logged to post a comment

There are 13 Comments. B
Top Comments
  • 21 Ð
    godfather666 , January 15, 2013 2:24 AM
    What they also need to fix is to stop trying to install the Ask.com toolbar on my PC.
Other Comments
  • 1 Ð
    iknowhowtofixit , January 15, 2013 2:06 AM
    A link to download would be great...
  • 5 Ð
    iknowhowtofixit , January 15, 2013 2:08 AM
    http://www.java.com/en/download/manual.jsp
  • 2 Ð
    tntom , January 15, 2013 2:13 AM
    Well great! I must use Java for my work. I teach remotely over the internet for a large online education company. That is almost 600 teachers and around 100,000 students. They use Blackboard Collaborate. It is Java based and launches it's own window outside the browser. I can't imagine how many other platforms require Java on a daily basis but Oracle needs to make sure it is secure.
  • 0 Ð
    electronian , January 15, 2013 2:19 AM
    Reuters just reporting that the patch has left remaining vulnerability: http://www.reuters.com/article/2013/01/14/us-java-oracle-security-idUSBRE90D10P20130114
  • 21 Ð
    godfather666 , January 15, 2013 2:24 AM
    What they also need to fix is to stop trying to install the Ask.com toolbar on my PC.
  • 2 Ð
    Soda-88 , January 15, 2013 2:26 AM
    iknowhowtofixitA link to download would be great...

    Control Panel>Java (32-bit)>Update>Update now
  • 0 Ð
    Cryio , January 15, 2013 2:55 AM
    How bad was this exploit?

    Could it make any damage on a Windows 8 x64, Opera x64, Oracle x64 plug-in? Which was only used now and then?
  • 1 Ð
    ko888 , January 15, 2013 2:57 AM
    Below the article's title just click on the word Oracle, it's hyper-linked to the Downloads page.

    2:50 PM - January 14, 2013 by Wolfgang Gruener - source: Oracle
  • 0 Ð
    internetlad , January 15, 2013 4:43 AM
    To everybody asking for a link

    http://lmgtfy.com/?q=latest+version+of+java
  • 2 Ð
    d_kuhn , January 15, 2013 5:16 AM
    I just disabled or uninstalled Java to avoid the issue... I'm curious to see how much trouble it causes (web pages not loading properly). So far (2 days) not one problem.
  • 2 Ð
    A Bad Day , January 15, 2013 5:20 AM
    There's nothing wrong with Java, but there is something wrong with the company managing its compiler.

    Java allows programs to be ported across many OSes or platforms with minimal efforts, thus decreasing bugs and project costs.

    However, I do not like Oracle's efforts at making Java secure.
  • 1 Ð
    ko888 , January 15, 2013 5:27 AM
    d_kuhnI just disabled or uninstalled Java to avoid the issue... I'm curious to see how much trouble it causes (web pages not loading properly). So far (2 days) not one problem.
    If you're not running Java applications and/or applets you shouldn't encounter any problems.

    The web browser deals with JavaScript which is different than an an application developed using the Java programming language and requires the JRE to be able to run it.
  • 1 Ð
    quotas47 , January 15, 2013 9:13 PM
    My institution's primary reporting software is incompatible with Java 7.
    We cannot upgrade it, because we do not produce the base components our flavor of this software runs on.

    We have no choice but to leave ourselves unsecured; disabling 6 is out of the question.
Related Content