Oracle has made all of our computers more secure by releasing a security update that fixed 42 vulnerabilities found in Java that made Web browsers popular for targets for hackers. The vulnerabilities Oracle fixed had been rated ‘most critical,’ according to Oracle’s Executive Vice President, Hasan Rizvi.
Within the past year, before patches were created to fix Java’s vulnerabilities, hackers and criminal groups exploited multiple security flaws in Java’s plug-ins for browsers. Hundreds of companies’ computers were infected, including Facebook, Apple and Twitter who use Microsoft Windows and Apple software. The situation became so critical that the U.S. Department of Homeland Security recommended that all users disable Java.
As a result, many large companies urged Oracle to make Java language safer because of their reliance on it to run the internal software. Among all of the changes that were made, Rizvi said the most significant was in the default settings; sites will no longer be able to force smaller programs such as Java Applets to run in a browser unless they’ve been signed digitally. However, users can choose to override this by clicking to acknowledge the risk.
To date, there are no known un-patched Java vulnerabilities that are actively being exploited; but this doesn’t mean that all of the problems have been fixed by the current patch.
Oracle was primarily a database software and applications company until 2010 when they bought Sun Microsystems and inherited Java. This became the company’s greatest exposure to the mass market, as Java is currently running on computers, servers, phones and other devices. The browser version of Java has proved to be especially prone to security problems.
According to security software maker Kaspersky Lab, in the past year, Java has surpassed Adobe’s Reader as the most frequently attacked software. Last year, Java was involved in 50% of cyber-attacks, followed by Adobe Reader, which was involved in 28% of these attacks. Internet Explorer and Microsoft Windows were only involved in about 3% of these incidents, according to recent surveys.
“It was pretty embarrassing, what happened with the Facebook attacks,” said IDC analyst Al Hilwa. “It’s a fight for the life of Java plug-ins. A lot of companies are either going to turn these off, or they’re going to have their confidence restored.”
Thankfully, due to Oracle’s elimination of the latest Java vulnerabilities, none of their high-profile customers have stopped using Java, but their concerns haven’t been totally eliminated.
Have questions? Contact us today.