The Inquirer-Home

Oracle issues hot patch for zero day Java exploit

Install it while it's hot
Mon Jan 14 2013, 10:39
Oracle logo

ENTERPRISE VENDOR Oracle has released a patch for the zero day Java exploit that we reported on last week.

Then the insecurity firms were advising people to load their virtual shotguns and get in their security basements to avoid terrible assaults. Millions of computer users, regardless of what operating systems they use, would be affected and it would happen when they were using the internet.

Not disabling Java at that time, we gather, was the equivalent of kissing a black rat, in London, during the plague. Fret no more though, as Oracle has issued the patch we have all been waiting for and his fixed Java.

Java 7 Update 11, which is available now, is the sticking plaster that patches the vulnerability. In short, it means that the "user is always warned before any unsigned application is run to prevent silent exploitation". It is recommended that you apply it.

"It's nice that Oracle fixed this vulnerability so quickly," said security expert Brian Krebs, "but I'll continue to advise readers to junk this program altogether unless they have a specific need for it."

Krebs said that Oracle has already tried to fix the same flaw, but failed, adding that malware writers are "constantly finding new zero-day vulnerabilities in Java".

He added that it would not surprise him if the same zero day situation were to "repeat itself in a month or so". µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?