Oracle says Java is fixed; feds maintain warning

Published on NewsOK Modified: January 14, 2013 at 5:07 pm •  Published: January 14, 2013

The sale of the packs means malware exploiting the security gap is "going to be spread across the Internet very quickly," said Liam O'Murchu, a researcher with Symantec Corp. "If you have the opportunity to turn it off, you should."

Oracle said it released two patches — to address the flaw highlighted by the government, as well as another flaw that the government said was "different but equally severe."

The patches also set Java's default security level to "high" so that users will automatically be shown a prompt and given a chance to decline malicious software before it loads onto their computers.

Disabling Java completely in browsers has a similar effect, however. When websites appear without crucial functions, users can click a button to turn Java back on.

Making users aware when Java programs are about to be installed gives users a 50/50 chance of avoiding malware, said Kurt Baumgartner, a senior security researcher with Kaspersky Lab.

Many programmers are avoiding Java altogether, and its use in Web browsers is on the decline, he said.

Kaspersky Lab estimated that last year 50 percent of all website exploitations were due to vulnerabilities in Java. Adobe's Acrobat Reader accounted for another 28 percent of vulnerabilities.