Oracle Patches Critical Flaw in Java
Oracle has reacted to the recent discovery of a critical security issue in Java.
Java 7 Update 11 patches the vulnerability, as well as a second severe security problem. Oracle said that it "strongly recommends that all Java SE 7 users upgrade to this [new] release".
Oracle confirmed that the vulnerabilities "may be remotely exploitable without authentication". An attacker would not need for a username and password to exploit the issue, but an "unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages these vulnerabilities."
Oracle noted that users who reacted to the vulnerability by disabling Java, will have to still re-enable Java manually following the installation of the patch. Among others, the U.S. government had recommended users of Java 7 Update 10 and before to disable Java. However, at least one security researcher does not believe that Oracle has done enough to enable Java again.
"We don't dare to tell users that it's safe to enable Java again," Adam Gowdiak, a researcher with Poland's Security Explorations, told Reuters. According to Gowdiak, the update does not address several other vulnerabilities.
The issue as well an exploit were first discovered by @kafeine last Friday.
Contact Us for News Tips, Corrections and Feedback
Stay on the Cutting Edge
Join the experts who read Tom's Hardware for the inside track on enthusiast PC tech news — and have for over 25 years. We'll send breaking news and in-depth reviews of CPUs, GPUs, AI, maker hardware and more straight to your inbox.
-
tntom Well great! I must use Java for my work. I teach remotely over the internet for a large online education company. That is almost 600 teachers and around 100,000 students. They use Blackboard Collaborate. It is Java based and launches it's own window outside the browser. I can't imagine how many other platforms require Java on a daily basis but Oracle needs to make sure it is secure.Reply -
electronian Reuters just reporting that the patch has left remaining vulnerability: http://www.reuters.com/article/2013/01/14/us-java-oracle-security-idUSBRE90D10P20130114Reply -
godfather666 What they also need to fix is to stop trying to install the Ask.com toolbar on my PC.Reply -
Soda-88 iknowhowtofixitA link to download would be great...Control Panel>Java (32-bit)>Update>Update nowReply -
Cryio How bad was this exploit?Reply
Could it make any damage on a Windows 8 x64, Opera x64, Oracle x64 plug-in? Which was only used now and then? -
ko888 Below the article's title just click on the word Oracle, it's hyper-linked to the Downloads page.Reply
2:50 PM - January 14, 2013 by Wolfgang Gruener - source: Oracle -
d_kuhn I just disabled or uninstalled Java to avoid the issue... I'm curious to see how much trouble it causes (web pages not loading properly). So far (2 days) not one problem.Reply
-
A Bad Day There's nothing wrong with Java, but there is something wrong with the company managing its compiler.Reply
Java allows programs to be ported across many OSes or platforms with minimal efforts, thus decreasing bugs and project costs.
However, I do not like Oracle's efforts at making Java secure. -
ko888 d_kuhnI just disabled or uninstalled Java to avoid the issue... I'm curious to see how much trouble it causes (web pages not loading properly). So far (2 days) not one problem.If you're not running Java applications and/or applets you shouldn't encounter any problems.Reply
The web browser deals with JavaScript which is different than an an application developed using the Java programming language and requires the JRE to be able to run it.
Most Popular
By Mark Tyson