Serious security flaws are discovered in Oracle's Java 1.7 update 10. This zero day vulnerability was discovered by independent malware researcher "Kafeine" and became viral when he posted this on his blogJava is backbone technology which allows users platform independence , around 850 million systems have java installed. Security Advisors suggests to turn off Java in browsers, as the exploit can hijack your computers. This newly discovered exploit allows attackers remotely run arbitary code, when user visits a website with malicious code. Experts says this can be used to infect victims system with ransomware, and even hack important data like credit card details and other sensitive information.
Alien Vault Labs researchers were able to reproduce the issue in a fully patched new installation of Java. It seems that this attack can bypass some security checks compromising some Java classes. Exploit is already added to most of the exploit toolkit used by cyber criminals.
So far vulnerabilities are discovered in update 9 and update 10 while this is not clear whether the same flaws exists in older versions or not.
U.S. Department of Homeland security also urged computer users to disable Oracle's Java software. While this is a rare case when govt. advise to block completely a software because of security flow, at the same time Oracle has to work hard to regain trust of the users which was laid since release of first Java version in 1995 by Sun.
So what are you planning to protect yourselves from this potential damage?
Oracle has released Patch for Java after US gov warning, however experts says still there is chance of flaws.
ReplyDelete