
Oracle Patches Critical Flaw in Java

Source: Oracle | 13 comments

Oracle has reacted to the recent discovery of a critical security issue in Java.

 Java 7 Update 11 patches the vulnerability, as well as a second severe security problem. Oracle said that it "strongly recommends that all Java SE 7 users upgrade to this [new] release".

Oracle confirmed that the vulnerabilities "may be remotely exploitable without authentication". An attacker would not need a username and password to exploit the issue, but an "unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages these vulnerabilities."

Oracle noted that users who reacted to the vulnerability by disabling Java will still have to re-enable Java manually after installing the patch. Among others, the U.S. government had recommended that users of Java 7 Update 10 and earlier disable Java. However, at least one security researcher does not believe that Oracle has done enough for users to enable Java again.

"We don't dare to tell users that it's safe to enable Java again," Adam Gowdiak, a researcher with Poland's Security Explorations, told Reuters. According to Gowdiak, the update does not address several other vulnerabilities.

The issue, as well as an exploit, was first discovered by @kafeine last Friday.


Top Comments
  • 21 Hide
    godfather666 , January 14, 2013 6:24 PM
    What they also need to fix is to stop trying to install the Ask.com toolbar on my PC.
Other Comments
  • 1 Hide
    iknowhowtofixit , January 14, 2013 6:06 PM
    A link to download would be great...
  • 5 Hide
    iknowhowtofixit , January 14, 2013 6:08 PM
    http://www.java.com/en/download/manual.jsp
  • 2 Hide
    tntom , January 14, 2013 6:13 PM
    Well great! I must use Java for my work. I teach remotely over the internet for a large online education company. That is almost 600 teachers and around 100,000 students. They use Blackboard Collaborate. It is Java based and launches its own window outside the browser. I can't imagine how many other platforms require Java on a daily basis but Oracle needs to make sure it is secure.
  • 0 Hide
    electronian , January 14, 2013 6:19 PM
    Reuters just reporting that the patch has left remaining vulnerability: http://www.reuters.com/article/2013/01/14/us-java-oracle-security-idUSBRE90D10P20130114
  • 2 Hide
    Soda-88 , January 14, 2013 6:26 PM
    iknowhowtofixit: A link to download would be great...

    Control Panel>Java (32-bit)>Update>Update now
  • 0 Hide
    Cryio , January 14, 2013 6:55 PM
    How bad was this exploit?

    Could it make any damage on a Windows 8 x64, Opera x64, Oracle x64 plug-in? Which was only used now and then?
  • 1 Hide
    ko888 , January 14, 2013 6:57 PM
    Below the article's title just click on the word Oracle, it's hyper-linked to the Downloads page.

    2:50 PM - January 14, 2013 by Wolfgang Gruener - source: Oracle
  • 0 Hide
    internetlad , January 14, 2013 8:43 PM
    To everybody asking for a link

    http://lmgtfy.com/?q=latest+version+of+java
  • 2 Hide
    d_kuhn , January 14, 2013 9:16 PM
    I just disabled or uninstalled Java to avoid the issue... I'm curious to see how much trouble it causes (web pages not loading properly). So far (2 days) not one problem.
  • 2 Hide
    A Bad Day , January 14, 2013 9:20 PM
    There's nothing wrong with Java, but there is something wrong with the company managing its compiler.

    Java allows programs to be ported across many OSes or platforms with minimal efforts, thus decreasing bugs and project costs.

    However, I do not like Oracle's efforts at making Java secure.
  • 1 Hide
    ko888 , January 14, 2013 9:27 PM
    d_kuhn: I just disabled or uninstalled Java to avoid the issue... I'm curious to see how much trouble it causes (web pages not loading properly). So far (2 days) not one problem.
    If you're not running Java applications and/or applets you shouldn't encounter any problems.

    The web browser deals with JavaScript which is different than an application developed using the Java programming language and requires the JRE to be able to run it.
  • 1 Hide
    quotas47 , January 15, 2013 1:13 PM
    My institution's primary reporting software is incompatible with Java 7.
    We cannot upgrade it, because we do not produce the base components our flavor of this software runs on.

    We have no choice but to leave ourselves unsecured; disabling 6 is out of the question.