Oracle has released a software update, patching a security hole in Java that allowed cybercriminals to break into users' computers.
The emergency update, released on Jan. 13, addresses the recently discovered flaw in the latest version of Java. The latest patch, Java 7 Update 11, counters the CVE-2013-0422 flaw, along with an earlier CVE-2012-3174 remote code execution bug, dating back to June 2012.
Java 7 Update 11 is available for download on Oracle's Web site.
Oracle also raised the default security level setting for Java from Medium to High. This will prevent drive-by downloads, as users will be prompted every time before running any unsigned Java applet or Web Start application.
"The default security level for Java applets and web start applications has been increased from 'Medium' to 'High'. This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the 'High' setting the user is always warned before any unsigned application is run to prevent silent exploitation," Oracle wrote in an advisory.
The critical vulnerability in Java 7, which was discovered last week, allows unauthenticated users to execute arbitrary code on a victim's machine. Hackers were using compromised Web sites as platforms for installing malicious programs, such as keyloggers and spyware.
At the time the news broke, security advisors recommended that users disable Java as a security measure against the flaw, which received the maximum Common Vulnerability Scoring System (CVSS) score of 10.
Security researchers have uncovered the compromised Web sites, but it is unknown how many users were infected.
Oracle usually releases a security update to Java on a quarterly cycle; however, it had to release an out-of-band fix as the vulnerability was added to several popular exploit kits such as Blackhole and Cool EK, making it easier for hackers to take over machines.