Oracle releases fix for major Java exploit

By Juha Saarinen on Jan 14, 2013 1:08 PM
Filed under Security

Mozilla and Apple act on security flaw.

Oracle has released a patch for a major zero-day security flaw in Java which was reportedly being widely exploited by attackers.

The fixes include switching Java security settings to high by default, according to Oracle's Software Security Assurance Blog, requiring users to "expressly authorise the execution of of applets which are either unsigned or self-signed."

When visiting malicious websites, users will be notified before an applet is run and be able to deny execution of a potentially dangerous one. Oracle said this will prevent so-called drive-by attacks where users' systems are infected without their knowledge.

Oracle recommended users apply the fixes as soon as possible. The security flaws that were reported to the company in August and September last year are being exploited in the wild. 

The vulnerabilities affect all versions of Java 7 and not server, desktop apps or embedded variants.

However, the United States National Vulnerability Database advises that versions 4 to 7 are all vulnerable to the security hole.

Both Apple and Mozilla have taken steps to protect their users against attacks.

Mozilla has enabled Click To Play for recent versions of Java, which means the plug-in won't load unless users expressly click to enable it, and Apple last week rolled out a malware definition that blocks the Java plug-in for OS X, according to Mac Rumours.

Last year Apple OS X users were hit by an earlier Java security hole that saw over 600,000 Macs being hijacked and utilised in a botnet.

 
Follow us on Facebook and Twitter
 

Copyright © iTnews.com.au . All rights reserved.

Oracle releases fix for major Java exploit
 
 
 
 
 
Top Stories
10 things we learned this week
Seasons greetings and "Yo Gabba Gabba!" from CRN.
 
Microsoft partner Ensyst acquired by Optus
Australian partner of the year joins Optus Business.
 
How I learned to stop worrying and love Hyper-V
How secondhand data centre pizza boxes and tablets can get an SMB mobile and productive.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Polls
Who had more wins in 2014?

Latest Comments
CRN Magazine

Issue: 334 | December 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.