A new Java patch has been released, repairing a critical security vulnerability that reportedly opened the door to large-scale cyberattacks. The vulnerability, which was so critical it prompted the U.S. Department of Homeland Security to issue warnings, affected all systems running Java 7.10.
The new release from Oracle, Java 7 Update 11, is said not only to close all the holes penetrable in the previous version but also to include a fix for another previously undisclosed critical vulnerability. Oracle also confirmed that the flaws in question do not affect Java 6 or earlier versions of the runtime. Oracle urges users to update as soon as possible.
The security alert for CVE-2013-0422 notes in its Risk Matrix that CVE-2012-3174, another critical, remotely exploitable vulnerability, is also being fixed in the update. Little is known of the equally severe vulnerability except that its CVE number was apparently assigned in June 2011 and its discovery appears to be credited to a Brian Murphy via TippingPoint.
Oracle's quick response to this high-profile, easily exploited vulnerability is commendable. However, I for one suggest leaving Java disabled or uninstalled unless you absolutely need it. This is the second major issue with Java in just a few short months. The ongoing consensus amongst security experts is to leave Java disabled in the browser, especially as few sites these days actually use Java. The Windows control panel for Java also allows users to easily disable the Java plugin, giving you the option of keeping it installed and only enabling it as needed.
Instructions on how to disable Java in Chrome, Firefox and Safari are also available from their respective companies.