Cliff Saran’s Enterprise blog

Aug 29 2012   4:48PM GMT

Java exploit questions Oracle’s security

Cliff Saran Profile: Cliff Saran

Tags:
Security

Oracle has said “no comment” to the question I posed on when it would release a patch for a serious security hole in its Java runtime environment, that is currently being exploited.At the time of writing, there was absolutely no info or advice or the company’s security blog.

Internet users are at the mercy of Oracle as reports have emerged of a zero-day vulnerability that capable of infecting PCs that run Java within their web browsers.

The next patch scheduled for release by Oracle is 16 October. 

Java, the write once, run anywhere runtime environment is used on websites to add sophisticated interactivity. It requires a runtime download browser plug-in, and it is this plug-in that has been exploited.

Symantec said: “In our tests, we have confirmed that the zero-day vulnerability works on the latest version of Java (JRE 1.7), but it does not work on the older version JRE 1.6. A proof of concept for the exploit has been published and the vulnerability.”

The FireEye site warned: “It will be interesting to see when Oracle plans for a patch, until then most of the Java users are at the mercy of this exploit. Our investigation is not over yet; more details will be shared on a periodic basis.”

F-Secure added: There being no latest patch against this, the only solution is to totally disable Java. Since this is the most successful exploit kit + zero-day… qué horror. Please, for the love of your computer disable Java on your browser.”

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: