Oracle is distributing a patch for flaws so dangerous the Department of Homeland Security said people should stop using it (Getty Images/AFP/File, Justin Sullivan)

SAN FRANCISCO — Oracle on Monday was distributing a patch for Java software flaws deemed so dangerous that the US Department of Homeland Security said that people should stop using it.

"Oracle recommends that this Security Alert be applied as soon as possible because these issues may be exploited 'in the wild' and some exploits are available in various hacking tools," Oracle's Eric Maurice said in a blog post.

The patch was crafted to fix two holes that hackers could slip through in Java 7 software used by web browsers to interact with websites.

"To be successfully exploited, an attacker needs to trick an unsuspecting user into browsing a malicious website," Maurice said.

"The execution of the malicious applet within the browser of the unsuspecting users then allows the attacker to execute arbitrary code in the vulnerable system."

Essentially, hackers could take advantage of the vulnerability to infect and take control of computers by getting them to visit a booby-trapped website.

Oracle raised Java security settings so that mini-programs referred to as "applets" will need to get permission from website visitors before being able to run on people's computers, according to Maurice.

Despite the patch, which was released by Oracle on Sunday, computer specialists at the Department of Homeland Security advised people to avoid using the software "unless it is absolutely necessary," even after updating.

"This will help mitigate other Java vulnerabilities that may be discovered in the future," the DHS Computer Emergency Readiness Team said Monday in an updated advisory on its website.

Java is distributed by business software powerhouse Oracle and is popular because it lets developers create websites in code that can be accessed regardless of a computer's operating system.

Java was created by Sun Microsystems, which was purchased by Northern California-based Oracle.
