Just a few days ago, Oracle let loose an update for JavaScript which put countless users' computers at risk with a serious exploit hidden in its code. The flaw, which hackers have been known to target using infected HTML pages, has become so widespread that the Department of Homeland Security advised PC owners that "Unless it is absolutely necessary to run Java in web browsers, disable it...even after updating to 7u11. This will help mitigate other Java vulnerabilities in the future."
7u11 is Oracle's response to the well-known zero-day vulnerability, although the patch is regarded as a short term answer by experts. Data security expert Sorin Mustaca told the Salt Lake Tribune that "This is definitely a temporary fix. If you do a fix under a lot of pressure and very, very fast, then only one thing will happen: more vulnerabilities. So, for me, this is just the rain before the storm. I think it will get worse, it will get much worse."
In a statement, Oracle revealed to CNET that the issue "is limited to JDK7. It does not exist in other releases of Java, and does not affect Java applications directly installed and running on servers, desktops, laptops, and other devices."
The site notes that the flaw is a "real-world threat" and that it "is being incorporated into exploit kits that make it easier for those with ill intentions to create an attack."
- Contribute to this Story:
- Send us a tip
- Send us a photo or video
- Suggest a correction
