Oracle says Java update coming Tuesday
Oracle is working on an update to address a flaw in its Java software.
The company says it will release a patch that will fix 86 vulnerabilities in Java 7 on Tuesday.
The Department of Homeland Security last week said computer users should disable the program in web browsers because hackers were using a zero-day vulnerability to attack computer systems. Criminals were using the flaw to stealthily install malware on the computers of users who visit compromised websites.
The problem, which affects Oracle Java 7 update 10 and earlier, can allow an untrusted Java applet to escalate its privileges, without requiring code signing.
Java, which is running on 850 million computers, is a computer language that lets programmers write software using just one set of codes for computers running Windows, Apple OS X and Linux. Internet browsers use it to access web content and computers and other devices use it to run a plethora of programs.
In fact, Java is so ubiquitous that the software has become a major bull’s-eye for hackers. Last year, Java overtook Adobe Reader as the most frequently attacked software, according to computer security firm Kaspersky Lab.
Mac users probably don’t have to worry because Apple already removed Java plug-ins from OS X browsers. Apple apparently learned a lesson last year when it took its time making a Java patch available and as a result more than 600,000 Macs were infected with malware.
Last February, Oracle released a fix for a targeted vulnerability identified as CVE-2012-0507 and included it in an update for the Windows version of Java. However, since Apple distributes a self-compiled version of Java for Macs, it ports Oracle's patches to it according to its own schedule, which can be months behind the one for Java on Windows.
Mozilla also has blacklisted all current releases of Java.
“The advantage to this approach is that you are prompted every time a website wants to launch a Java applet and you can make an informed decision as to whether you truly need that applet,” says security firm Sophos in a blog post.
Copyright (c) 2013 PCWorld Communications, Inc.
pc world news
- New HP PCs include 20-inch all-in-one that lies flat for games
- AMD reveals next-gen mobile CPUs, claims unprecedented graphics performance
- Web suffered 9000 service outages in last five months
- How Apple's offshore tax mess could impact your business
- Will Microsoft allow Xbox One game rentals? Even rental companies don't know
- MSI's GX70 gaming laptop sports AMD's fresh, new flagship APU and GPU
- And the study says: Windows 8 users rarely touch Metro apps
- Microsoft wises up, pushes Office in latest Surface TV ad
- More than 2 days ago
- More than 2 days ago
- More than 2 days ago
- More than 2 days ago
- More than 2 days ago
- More than 2 days ago
- More than 2 days ago
- More than 2 days ago
- More than 2 days ago
- More than 2 days ago
- 8 hours ago
- 11 hours ago
- 11 hours ago
- 12 hours ago
- 12 hours ago
- 17 hours ago
- 18 hours ago
- 19 hours ago
- 19 hours ago
- 20 hours ago
Recently recommended stories
pc world reviews
- Review: Pilot a fighter spaceship and flying robot in Strike Suit Zero sim
- Free Chrome extensions power up Gmail
- Review: FreeSpace 2 sim launches you into space
- Review: Microsoft Flight looks beautiful, might as well stay grounded
- Review: Connectify Dispatch combines network adapters to increase speed and reliability
- Review: Mash your motor with Euro Truck Simulator 2
- Review: Read and write PDF files easily with Foxit Reader 6
- Review: MarkdownPad makes composing Markdown even easier than usual
