Oracle issues emergency Java patch, but holes persist
updated 06:50 am EST, Mon January 14, 2013
Oracle raises default security settings in Java security patch to High
Oracle has issued an emergency patch for Java, its popular web technology. Security researchers last week uncovered a zero-day exploit that is being exploited by hackers in two malware tookits prompting the US government to issue a warning to PC owners. Although the patch addresses certain holes, Reuters reports that a security analyst still believes that the platform remains vulnerable.
According to Oracle, the patch addresses remotely exploitable vulnerabilites that only affect Oracle Java 7 versions. The company, of course, recommends that users apply the patch as soon as possible. The patch closes a vulnerability that allowed an attacker to trick an unsuspecting user into visiting a maliciously constructed website. The threat only affects Java in web browsers and not other forms of Java and is executed through malicious browser applets.
To further help Java from being more susceptible to attacks in future, Oracle has adjusted default security settings in Java to ‘High.’ By taking this step, users who are unknowingly redirected to a malicious website will be notified before an applet is run, giving users the option to deny the applet permission to run. Oracle also says that the Java SE 7 Update 11 also makes it easier for users to disable Java in their browsers through a Java Control Panel.
Junior Member
Joined: 01-25-07
"Oracle also says that the Java SE 7 Update 10"
Wait. Did Oracle make that specific reference to the previous version of Java, or was that supposed to reference the current version, Java SE 7 Update 11?
It's no less true, but certainly more confusing. The line before it could use a spell check and some punctuation as well. :)