Oracle rushes out another Java update, fixing 50 vulnerabilities

Oracle says Java 7u13 addresses 50 flaws, many of which left systems vulnerable to remote exploits.

By John P. Mello Jr., PC World |  Security, java, Oracle

Java's misfortunes continued later in the month when Security Explorations, a Polish security firm with a history of finding security flaws in Java, discovered new vulnerabilities in the 7u11 update that could be exploited to bypass the program's sandbox--a programming technique used to contain the damage malicious code can do to a system.

"These problems will continue until Oracle fixes the sandbox," Bitdefender Senior E-Threat Analyst Bogdan Botezatu said in an interview.

Botezatu was critical of how much Oracle relied on users to maintain security in the 7u11 update.

For example, the update sets, by default, the highest security level for Java. At that level, whenever an unsigned Java applet tries to run in a browser, a message pops up cautioning a user that the app may be dangerous and that the user should proceed at their own risk.

Typically, users ignore such warnings because they find them annoying. That's particularly true for children who play Java games on the Web--a fact, Botezatu points out, not lost on digital desperadoes. "I've seen lots of websites running Java malware on pages that have been optimized with keywords targeted at children," he said.

With the latest Java update, Oracle may be trying to change its luck with the program. It appears to have skipped update 12 in its numbering scheme and designated the latest bundle of fixes Java 7 update 13.


Originally published on PC World.