Quantcast

Sunday, July 27, 2014         

 Print   Email   Comment | View 2 Comments   Most Popular   Save   Post   Retweet

Oracle issues Java fix; feds maintain warning

By Ryan Nakashima

Associated Press

POSTED:
LAST UPDATED: 02:40 a.m. HST, Jan 15, 2013


OS ANGELES >> Oracle Corp. said tiday it has released a fix for the flaw in its Java software that raised an alarm from the U.S. Department of Homeland Security last week. Even after the patch was issued, the federal agency continued to recommend that users disable Java in their Web browsers.

"This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered," DHS said Monday in an updated alert published on the website of its Computer Emergency Readiness Team. "To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates are available."

The alert follows on the department's warning late Thursday. Java allows programs to run within websites and powers some advertising networks. Users who disable Java may not be able to see portions of websites that display real-time data such as stock tickers, graphical menus, weather updates and ads.

Vulnerability in the latest version, Java 7, was "being actively exploited," the department said.

Java 7 was released in 2011. Oracle said installing its "Update 11" will fix the problem.

Security experts said that special code to take advantage of the weakness is being sold on the black market through so-called "Web exploit packs" to Internet abusers who can use it to steal credit card data, personal information or cause other harm.

The packs, sold for upwards of $1,500 apiece, make complex hacker codes available to relative amateurs. This particular flaw even enables hackers to compromise legitimate websites by taking over ad networks. The result: users are redirected to malicious sites where damaging software can be loaded onto their computers.

Oracle said it released two patches — to address the flaw highlighted by the government, as well as another flaw that the government said was "different but equally severe."

As well, the patches set Java's default security level to "high" so that users will automatically be shown a prompt and given a chance to decline malicious software before it loads onto their computers.







 Print   Email   Comment | View 2 Comments   Most Popular   Save   Post   Retweet

COMMENTS
(2)
You must be subscribed to participate in discussions
By participating in online discussions you acknowledge that you have agreed to the TERMS OF SERVICE. An insightful discussion of ideas and viewpoints is encouraged, but comments must be civil and in good taste, with no personal attacks. Because only subscribers are allowed to comment, we have your personal information and are able to contact you. If your comments are inappropriate, you may receive a warning, and if you persist with such comments you may be banned from posting. To report comments that you believe do not follow our guidelines, email commentfeedback@staradvertiser.com.
Leave a comment

Please login to leave a comment.
Skyler wrote:
"Oracle Corp. said tiday it has released a fix for the flaw in its Java software that raised an alarm from the U.S. Department of Homeland Security last week." Wot, we 'ave an Aussie at the StarAd now? Gidday, mates.
on January 14,2013 | 01:29PM
LadyNinja wrote:
OS ANGELES? SA needs to do a better job of proofreading before issuing a pubication.....
on January 14,2013 | 02:13PM
IN OTHER NEWS
Breaking News
Blogs
Political Radar
On policy

Warrior Beat
Apple fallout

Wassup Wit Dat!
Can You Spock ‘Em?

Warrior Beat
Meal plan

Volley Shots
Fey, Enriques on MJNT

Political Radar
Wilhelmina Rise, et al.

Court Sense
Cold War