by Staff Writers
San Francisco (AFP) Jan 14, 2013
Oracle on Monday was distributing a patch for Java software flaws deemed so dangerous that the US Department of Homeland Security said that people should stop using it.
"Oracle recommends that this Security Alert be applied as soon as possible because these issues may be exploited 'in the wild' and some exploits are available in various hacking tools," Oracle's Eric Maurice said in a blog post.
The patch was crafted to fix two holes that hackers could slip through in Java 7 software used by web browsers to interact with websites.
"To be successfully exploited, an attacker needs to trick an unsuspecting user into browsing a malicious website," Maurice said.
"The execution of the malicious applet within the browser of the unsuspecting users then allows the attacker to execute arbitrary code in the vulnerable system."
Essentially, hackers could take advantage of the vulnerability to infect and take control of computers by getting them to visit a booby-trapped website.
Oracle raised Java security settings so that mini-programs referred to as "applets" will need to get permission from website visitors before being able to run on people's computers, according to Maurice.
Despite the patch, which was released by Oracle on Sunday, computer specialists at the Department of Homeland Security advised people to avoid using the software "unless it is absolutely necessary," even after updating.
"This will help mitigate other Java vulnerabilities that may be discovered in the future," the DHS Computer Emergency Readiness Team said Monday in an updated advisory on its website.
Java is distributed by business software powerhouse Oracle and is popular because it lets developers create websites in code that can be accessed regardless of a computer's operating system.
Java was created by Sun Microsystems, which was purchased by Northern California-based Oracle.
Cyberwar - Internet Security News - Systems and Policy Issues
|The content herein, unless otherwise known to be public domain, are Copyright 1995-2012 - Space Media Network. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA Portal Reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. Advertising does not imply endorsement,agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. Privacy Statement|