Oracle Confirms Java 7 Vulnerability, Promises Fix 'Will Be Available Shortly'

By Alexandra Burlacu (a.burlacu@mobilenapps.com) | Jan 13, 2013 02:17 PM EST

Oracle has confirmed the zero-day vulnerability found in Java 7 that grabbed the spotlight last week, and promised to fix the issue soon.

Oracle's promise to fix things comes after the U.S. Department of Homeland Security advised PC users to disable Java in Web browsers, as hackers are exploiting a security flaw to attack PCs.

"A fix will be available shortly," Oracle told Reuters in a statement late Friday, Jan. 11. The company did not offer further details regarding when the update will become available.

The security threat in Java 7 made headlines on Thursday, Jan. 10, after the U.S. Computer Emergency Readiness Team (US-CERT), which is part of the National Cyber Security Division of the Department of Homeland Security, issued an alarming vulnerability note:

"Overview - Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description - Java 7 Update 10 and earlier contain an unspecified remote-code-execution vulnerability. This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits.

Impact - By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system."

Through this critical security hole, attackers can execute malicious software on a victim's system. Cybercriminals quickly exploited the security hole in the wild, and made it available in common exploit kits. The same day, Apple took steps to block Java 7 on OS X 10.6 and later to protect Mac users.

The next day, Security Explorations, the security firm that identified most of the recent Java vulnerabilities, said the zero-day code only worked because Oracle had not properly addressed an old vulnerability. Security Explorations notified Oracle back in August 2012 that it had an insecure implementation of the Reflection API. Oracle issued a patch in October 2012, but it was not a complete fix.

Mozilla decided on Friday to add all recent versions of Java to its Firefox add-on blocklist, blocking Java 7 Update 9, Java 7 Update 10, Java 6 Update 37, and Java 6 Update 38. Firefox had already blocklisted other Java versions over other vulnerabilities.

Users will be able to use the plug-in again once Oracle releases Java 7 Update 11, which aims to address the security issue. In the meantime, users should uninstall or at least disable Java on their machines, regardless of what browser or operating system they are using.
