Is there a world record for number of software vulnerabilities exposed within the span of a single month? If so, I'm willing to bet that Oracle's Java is the clear winner. We've reported on many Java happenings over the past couple of months, and it doesn't look like the fun is going to end anytime soon.
Security firm FireEye is responsible for the latest finding, noting that the zero-day exploit has been successfully executed against Java 1.6 update 41 and the most recent 1.7 update 15. It takes advantage of a vulnerability that might allow someone to overwrite bits of data Java has stored in RAM, such as the area that tells it whether or not the security manager is enabled. While success is hit or miss, if it does land, an HTTP GET request will be issued that downloads the McRAT malware, which could be used to download additional malware.
FireEye recommends disabling Java until a patch has been released, or at least setting its security level to "High". We'd recommend considering getting rid of it entirely, because with the number of vulnerabilities coming to light all the time, things are just getting ridiculous. If you do have Java installed, it might be worth asking yourself what you're using it for. In talking to friends, I've discovered that it's not uncommon for people to have installed Java for something they needed once, and then just never bothered to uninstall it.
For those who do require it, we feel your pain.
Oracle have stepped up their game. Surely all these leaks, most of them being found by security firms and luckily not malicious hackers, will be patched soon. People have been shaken awake and are now all finding leaks in Java. This will make 1) Oracle more aware of their security shortcomings and 2) make Java safer.
Of course I'd much rather that Java be phased out. It's an extra weakness on a system. But realistically, Java is out there and widespread. Not everyone can just ditch it, and if that's the case, we might as well look for all the leaks we can find and toughen Java up.
It's a good thing :)
The company I work for has advised our customers to get rid of it completely. Adobe and Java are being exploited hard. Good article.
This has just gotten out of hand. Java is barely even needed anymore, and it is nothing but a security risk. It should be disabled if it has not been already. Here is how if anyone doesn’t know: http://disablejava.com/#howto
It's Java, it will never stop.
Another BAD NEWS from Java. I already uninstalled both 32 and 64 bit Java out of my PC. I think Java need to step and make more beefed up the security on Java. I will hold off until Java get fix or look else to get new program similar to Java
And this is exactly why I decided not to learn Java. It just seems like it's becoming a dead code at a very quick pace. On the other hand, a lot of people still depend on it. Will we ever see it completely phased out? I doubt it.
It's like the never ending story. JAVA gets it again.
Just say no,.......
Don't part with your illusions. When they are gone you may still exist, but you have ceased to live.
I unfortunately do need Java for one thing, so I've moved it to a virtual machine instead. Next best thing to not having it at all.
Integrating Java with the browser is the worst idea since Microsoft invented ActiveX.
What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?