Oracle Working on Critical Java Patch For Release Soon

rated by 0 users
This post has 7 Replies | 1 Follower

Top 10 Contributor
Posts 26,710
Points 1,208,235
Joined: Sep 2007
ForumsAdministrator
News Posted: Sun, Jan 13 2013 1:59 PM
Consider this a PSA: Oracle is going to patch that hole in Java, the one that security pros discovered last week. Cybercriminals were using a zero-day exploit in Oracle’s Java to deliver malware payloads, steal identities, and take over computers to force them to commit nefarious acts.

According to Reuters, Oracle said that “A fix will be available shortly”, which of course begs the question of what “shortly” means, exactly. In an hour? A week? A month?

Java

In any case, the exploit apparently only affects Java 7, so users with older versions of the software can breathe a sigh of relief. However, everyone should note well that this is the second major security flaw in Java that researchers have uncovered in the last few months; back in September, Security Explorations found a hole that affected potentially billions of PCs worldwide using Java 5, 6, and 7.
  • | Post Points: 80
Top 10 Contributor
Posts 5,054
Points 60,735
Joined: May 2008
Location: U.S.
Moderator
3vi1 replied on Sun, Jan 13 2013 5:59 PM

As most people in the industry know: Oracle = evil. Don't buy or use their garbage. It's great that it works across multiple platforms, but it sucks when they sue you for making a compatible implementation (dalvik)

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

  • | Post Points: 5
Not Ranked
Posts 1
Points 5
Joined: Jan 2012

Soon -at least if one believes cnet reporting means tonight (01/13). The fix, as reported, is a change in Java's default security setting when interacting web applications. Umm...

  • | Post Points: 5
Top 10 Contributor
Posts 8,756
Points 104,950
Joined: Apr 2009
Location: Shenandoah Valley, Virginia
MembershipAdministrator
Moderator
realneil replied on Sun, Jan 13 2013 9:40 PM

Turn it off until a 'real' fix is cooked up.

Yeah, that sounds about right.

Dogs are great judges of character, and if your dog doesn't like somebody being around, you shouldn't trust them.

  • | Post Points: 5
Top 50 Contributor
Posts 2,929
Points 24,760
Joined: Jul 2001
Location: United States, New York
digitaldd replied on Mon, Jan 14 2013 9:09 AM

Don't install Java unless you need it for something. same goes for Adobe Flash. keep in mind though that if you need an older version of Java there will be no more patches for you as support has ended. Time for any slacking Devs to get their apps working on the current version (java 7).

  • | Post Points: 5
Top 150 Contributor
Posts 656
Points 5,955
Joined: May 2008
Location: Stockholm
mhenriday replied on Mon, Jan 14 2013 2:29 PM

Java 7u11 is now out....

Henri

Top 50 Contributor
Posts 2,929
Points 24,760
Joined: Jul 2001
Location: United States, New York
digitaldd replied on Thu, Jan 17 2013 8:46 AM

mhenriday:

Java 7u11 is now out....

Henri

And as of Monday you could buy an exploit kit for it.

 

http://krebsonsecurity.com/2013/01/new-java-exploit-fetches-5000-per-buyer/

Top 150 Contributor
Posts 656
Points 5,955
Joined: May 2008
Location: Stockholm
mhenriday replied on Thu, Jan 17 2013 9:41 AM

It's a jungle out there....

Henri

Page 1 of 1 (8 items) | RSS