Oracle issues emergency patch for 0day Java exploit

first_imgHopefully thousands of you have been disabling or uninstalling Java over the past few days after learning of the 0-day exploit it included. Well, now it looks as though you can start using it again as Oracle has issued an emergency patch to fix Java’s security and close off the exploit.The exploit affected any and all systems, regardless of whether you are running Windows, OS X, or Linux. No browser was safe, either. What we were surprised to learn yesterday was that Oracle had known about this exploit for 5 months, and chose not to issue a patch. The next planned update wasn’t until October, leaving PCs running Java vulnerable until then.However, it seems the coverage the exploit is getting has put enough pressure on Oracle for them to react. Two emergency patches are now available, targeting both Java 7 (Update 7) and Java 6 (Update 35). You should be able to download them by accessing Java on your system and checking for updates. Alternatively, if you are doing a fresh install they should be pre-applied.Oracle has demonstrated that the security of Java isn’t really a top priority with the handling of this exploit, and with that in mind everyone should think hard before deciding to install Java. Do you really need it?A better way to decide is this: don’t install Java until you try and use something that tells you it needs Java. At that point get the latest version on your machine. If you then stop using that software, uninstall Java. And if you want to get rid of it off your system, we have a full guide available.via Krebs on Securitylast_img


Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top