Breaking News

Samsung TVs get HDR10 Plus Supported Content Razer Sets New Standard In Esports Dominance With The All-New Huntsman V3 Pro 8KHz PNY Unveils CS3250 M.2 NVMe PCIe Gen5 x4 SSD Arx 500 White ARGB – compact form and full performance from ENDORFY CORSAIR releases Top-of-class PCIe 5.0 SSD and Adds 4TB option in M.2 2242 size

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Oracle Patches Java Bugs

Oracle Patches Java Bugs

Enterprise & IT Jan 14,2013 0

Oracle released an emergency update to its Java software for surfing the Web on Sunday but questions remain on whether the updated software is safe. The Security Alert CVE-2012-042 released by Oracle on Sunday addresses two vulnerabilities affecting Java in web browsers, according to Oracle.

These vulnerabilities do not affect Java on servers, Java desktop applications, or embedded Java.

They are both remotely exploitable without authentication. Oracle recommends that this Security Alert be applied as soon as possible because these issues may be exploited "in the wild" and some exploits are available in various hacking tools.

The exploit conditions for these vulnerabilities are the same. To be successfully exploited, an attacker needs to trick an unsuspecting user into browsing a malicious website. The execution of the malicious applet within the browser of the unsuspecting users then allows the attacker to execute arbitrary code in the vulnerable system. These vulnerabilities are applicable only to Java in web browsers because they are exploitable through malicious browser applets.

With this Security Alert, Oracle is also switching Java security settings to "high" by default. The high security setting requires users to expressly authorize the execution of applets which are either unsigned or are self-signed. As a result, unsuspecting users visiting malicious web sites will be notified before an applet is run and will gain the ability to deny the execution of the potentially malicious applet.

Oracle released the update just days after the U.S. Department of Homeland Security urged PC users to disable the program because of bugs in the software that were being exploited to commit identity theft and other crimes.

Adam Gowdiak, a researcher with Poland's Security Explorations who has discovered several bugs in the software over the past year, said that the update from Oracle leaves unfixed several critical security flaws.

"We don't dare to tell users that it's safe to enable Java again," said Gowdiak.

Responding to Oracle's updated software, the U.S. Department of Homeland Security reiterated advice for computer users to disable Java software for surfing the Web.

"Unless it is absolutely necessary to run Java in web browsers, disable it," the Department of Homeland Security's Computer Emergency Readiness Team said on Monday in a posting on its website.

Tags: oracleJava
Previous Post
Paper Says Apple Cut LCD panel Orders For iPhone 5
Next Post
ASUS Launches the MeMO Pad

Related Posts

  • Cloud Service Demand Boost Oracle's Results

  • Oracle Expands Its Datacenter Infrastructure in Five New Regions Worldwide

  • Research Firm Sees a Possible Amazon-Oracle Merger

  • Oracle Expands Database Offerings

  • Microsoft and Oracle to Interconnect Microsoft Azure and Oracle Cloud

  • Oracle Accuses Google of Snooping Users

  • Mozilla Asks Supreme Court to Support Google in Case Against Oracle

  • Google asks U.S. Supreme Court to end Oracle copyright case

Latest News

Samsung TVs get HDR10 Plus Supported Content
Consumer Electronics

Samsung TVs get HDR10 Plus Supported Content

Razer Sets New Standard In Esports Dominance With The All-New Huntsman V3 Pro 8KHz
PC components

Razer Sets New Standard In Esports Dominance With The All-New Huntsman V3 Pro 8KHz

PNY Unveils CS3250 M.2 NVMe PCIe Gen5 x4 SSD
PC components

PNY Unveils CS3250 M.2 NVMe PCIe Gen5 x4 SSD

Arx 500 White ARGB – compact form and full performance from ENDORFY
Cooling Systems

Arx 500 White ARGB – compact form and full performance from ENDORFY

CORSAIR releases Top-of-class PCIe 5.0 SSD and Adds 4TB option in M.2 2242 size
PC components

CORSAIR releases Top-of-class PCIe 5.0 SSD and Adds 4TB option in M.2 2242 size

Popular Reviews

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

Terramaster F8-SSD

Terramaster F8-SSD

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

Soundpeats Pop Clip

Soundpeats Pop Clip

Akaso 360 Action camera

Akaso 360 Action camera

Dragon Touch Digital Calendar

Dragon Touch Digital Calendar

Noctua NF-A12x25 G2 fans

Noctua NF-A12x25 G2 fans

be quiet! Pure Loop 3 280mm

be quiet! Pure Loop 3 280mm

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed