Oracle Patches Java Vulnerability

January 14, 2013  |  All Things Digital

Oracle says it has repaired a security flaw in its Java software that inspired a rare call from the Department of Homeland Security advising consumers to disable the software entirely. On Sunday afternoon Oracle released a patch for the critical vulnerability, which could be exploited to install and execute malicious code on unguarded systems.

And not a moment too soon. By the end of last week, security researchers had already spotted malware designed to exploit it in the wild. Some theorized the flaw potentially put over 850 million PCs at risk.

In a bulletin Oracle said the patch not only repairs the vulnerability, but switches Java’s security setting to “high” by default. “The default security level for Java applets and web start applications has been increased from ‘medium’ to ‘high,’” Oracle said in an advisory today. “… With the ‘high’ setting the user is always warned before any unsigned application is run to prevent silent exploitation.”

A thoughtful additional precaution — though one you’d think it would have occurred to Oracle to add earlier on. But are these measures sufficient to protect consumers who use Java? Java security expert Adam Gowdiak isn’t so sure

Excerpt from:
Oracle Patches Java Vulnerability
