Oracle patches Java Zero Day security threat

Updated on 14-Jan-2013
HIGHLIGHTS

Coming to the rescue of netizens worldwide, the company takes three days to patch a serious security vulnerability in its Java software

Early last week, security watchdogs raised a big hue and cry over the presence of a zero-day vulnerability in Java, developed by Oracle Corporation, a piece of software that is synonymous with the Web and Web browsers.

We, too, reported about Java’s serious security flaw on Friday.

There is no cause for concern anymore, however, as reports confirm that the Java vulnerability, which would potentially allow hackers to cause mayhem on infected machines, has been successfully patched by Oracle within three days.

Released by Oracle, Java 7 Update 11 is the instant critical security update required to fix the zero-day exploit present in Java 7 Update 10 and previous versions of the Java software. According to Oracle, this latest update modifies the way in which Web apps interact with Java on a local computer.

Oracle also states that “the default security level for Java applets and web start applications has been increased from Medium to High.” It further states:

“This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the “High” setting the user is always warned before any unsigned application is run to prevent silent exploitation.”

While it’s good to see Oracle act this quickly and release a security fix for the Java vulnerability in record time, remember that you don’t have to run Java if you don’t absolutely need it. Also, in the wake of this zero-day vulnerability, it is absolutely critical to update your Java installation to its latest version to prevent hackers from exploiting the bug.

You can download the latest Java 7 Update 11 here or through any active program or browser that uses Java.
 

Jayesh Shinde

Executive Editor at Digit. Technology journalist since Jan 2008, with stints at Indiatimes.com and PCWorld.in. Enthusiastic dad, reluctant traveler, weekend gamer, LOTR nerd, pseudo bon vivant.

Connect On :