Oracle patches zero-day Java security hole in three days

Posted on Monday, Jan 14 2013 @ 13:51 CET by Thomas De Maesschalck
Oracle isn't really known for keeping its Java plug-in up to date against the latest security threats, but following the discovery of yet another new zero-day vulnerability last week, the company was pretty quick to act.

Ars Technica writes that Oracle rolled out the out-of-band Java 7 Update 11 just three days after news of the vulnerability hit the web.
Earlier this week, a security hole in the latest version of Java was being "massively exploited in the wild." Hackers were turning compromised websites into platforms for installing silent keyloggers or other malicious software. And at the time news broke, even fully patched Java installations were at risk.
Security experts quoted by Reuters remark it's still unsafe to use Java on your computer as several other critical security flaws remain unpatched. HD Moore, chief security officer with Rapid7, even goes as far as to say it could take Oracle two years just to fix all security bugs that have currently been identified in the current version of Java.
HD Moore, chief security officer with Rapid7, a company that helps businesses identify critical security vulnerabilities in their networks, said it could take two years for Oracle to fix all the security bugs that have currently been identified in the version of Java that is used for surfing the Web.

"The safest thing to do at this point is just assume that Java is always going to be vulnerable. Folks don't really need Java on their desktop," Moore said.




