Java exploit questions Oracle's security
Oracle has said “no comment” to the question I posed on when it would release a patch for a serious security hole in its Java runtime environment, that is currently being exploited.At the time of writing, there was absolutely no info or advice or the company’s security blog.



Infographic: Future-proofing UK technology
The current potential of the UK technology industry is restricted by the lack of tech and digital talent available. Read through this challenge for the future of UK business and our economy.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
Internet users are at the mercy of Oracle as reports have emerged of a zero-day vulnerability that capable of infecting PCs that run Java within their web browsers.
The next patch scheduled for release by Oracle is 16 October.
Java, the write once, run anywhere runtime environment is used on websites to add sophisticated interactivity. It requires a runtime download browser plug-in, and it is this plug-in that has been exploited.
The FireEye site warned: “It will be interesting to see when Oracle plans for a patch, until then most of the Java users are at the mercy of this exploit. Our investigation is not over yet; more details will be shared on a periodic basis.”
F-Secure added: There being no latest patch against this, the only solution is to totally disable Java. Since this is the most successful exploit kit + zero-day… qué horror. Please, for the love of your computer disable Java on your browser.”
Start the conversation
0 comments