
Monday, 14 January 2013

Experts Claim Java Still Contains Security Flaws, Even After Yesterday's Patch




Oracle issued an emergency update to its widely-used Java web software on Sunday, but experts say it still contains security flaws.
Last week the US government advised users to disable it because of a bug that leaves computers vulnerable to being hacked.
Security specialists claim the fix has not done enough to make PCs secure.
Oracle says that more than one billion people use Java, and some games like Minecraft are built around it.
The bugs can make a computer open to infection by viruses. Last year net security specialist Kaspersky said that 50% of hacks carried out by seeking out software bugs were done via Java.
"We don't dare to tell users that it's safe to enable Java again," Adam Gowdiak, a researcher with Poland's Security Explorations, told Reuters.
In a blog about the "unscheduled" update, Oracle says it has changed Java's default security settings to "high", which it says means users will be notified of any extra applications which start running while they are browsing.
Oracle says the vulnerability applies to the latest version of the software, Java 7. It has declined to comment.
Java is a programming language that enables software to run on. [BBC News]

You can follow me on Twitter, add me to your circles on Google+ or subscribe to me on Facebook or YouTube. You can also check my website and blog to keep yourself updated with what is happening in the ever-changing world of technology.

Java Releases Patch Java SE 7 Update 11, Get The Update Here.



Oracle has released Java SE 7 Update 11 to address the vulnerability. It "strongly recommends" that Java SE 7 users upgrade immediately.
What's worse is this particular exploit is reportedly being used to push ransomware, a type of attack that demands users pay to have control of their computers returned from a hacker's grasp.
Java's creator, Oracle, hasn't specified the number of users who have downloaded Java 7 Update 10. However, Java runs on more than 850 million computers and other devices. When Oracle released Update 10, it "strongly recommended" that users update to receive "key security features and bug fixes."

The exploit was first discovered by French researcher Kafeine, who claimed to have found it running on a site registering hundreds of thousands of page views daily.
"This could be a [sic] mayhem," Kafeine wrote.

Should you be worried about this exploit? While security lapses are sometimes overblown, there are good reasons to take this one seriously: The U.S. Department of Homeland Security issued a warning advising users to disable Java until a fix is discovered. Apple has apparently moved to disable Java in response to the threat. Mozilla took the opportunity to warn users and advertise "Click to Play," a Firefox feature which stops Java from loading on individual web sites until a user allows it. Many security experts are advising users to disable or uninstall Java for the time being.
Our advice? It's probably a good idea to disable or uninstall Java until a fix is published. You can find out how to do that right here: How to disable Java in your web browser. How to uninstall Java for Mac. How to uninstall Java for Linux. [Mashable]

Sunday, 13 January 2013

Oracle’s Patch for the Zero-Day Java Flaw in The Works



Oracle recently issued a statement in response to the discovery of a Java 7 flaw that prompted Apple to disable the software in OS X. In the statement, Oracle said that they are currently working on a fix and will release the patch soon. There was no specific timeline as to when the fix will be pushed out other than Oracle vaguely saying “a fix will be available shortly.”

For those of you who don’t already know, the U.S. Department of Homeland Security said that Java’s most-recent vulnerability is being “attacked in the wild, and is reported to be incorporated into exploit kits.” For its part, Oracle noted in its statement that the flaw only affects the most up-to-date version of Java 7 and Java software designed to run in Internet browsers. 

Apple and Java have had a rough relationship over the past few years, including a move to drop the Java runtime from OS X 10.7 Lion’s default installation when the OS debuted in 2010. Another flaw in Oracle’s internet plugin was responsible for the most widespread malware ever when the “Flashback” Trojan reportedly affected roughly 600,000 OS X machines in April 2012. Apple’s continued efforts to wean itself away from Java in OS X led to the company’s final official in-house Java update, issued in May 2012, at which point all responsibility for future updates was handed over to Oracle. We’ll have to wait and see how long it takes Oracle to update the current Java issue. [ModMyi]
