Security Vulnerability Discovered In Latest Java Patch

A security vulnerability has been identified by the security firm Security Explorations in the latest version of Oracle’s Java which allows for the Java security sandbox to be bypassed completely. Another security hole, recently fixed by Oracle on Feb. 1st, has also been reported as being widely distributed and used by hackers.

Oracle has confirmed the vulnerability and is currently investigating and developing a fix.

Exploit kits used by hackers have been reported as now containing tools to specifically target the Java vulnerability recently patched by Oracle in Update 13 on Feb. 1st. This hole allows the security sandbox to be bypassed on the computers of users who have not yet patched Java to the most recent version.

Last week saw numerous attacks upon Java-enabled computers, resulting in Facebook, Twitter, and Apple all being compromised due to an iPhone developer forum that was found to be hosting malware specifically targeting computers with unpatched versions of Java. Microsoft also reported being compromised due to the same Java vulnerability.

We advise that users who don’t specifically need Java should consider uninstalling it from their computers, or disable the Java plug-ins in Web browsers that are used to display Java content, at least until this latest vulnerability is patched. The process is simple. You can find instructions on how to disable Java in your Web browser here.

(Note: Java should not be confused with JavaScript, which is entirely unrelated and is essential to the proper functioning of far more websites than Java. It is safe to leave JavaScript enabled.)

