Online Payment
image description

tech blogging > our corner of the web

tech blogging >

Java Targeted by Attackers

Wednesday, January 16, 2013

On Thursday the 10th of January, Java came under attack once again with a Zero-Day vulnerability. The immediate advice of Oracle (the company that maintains Java) was to promptly disable Java running on any machines to minimize the damage done. A Zero-day vulnerability is a flaw in the software or code that the creator or maintainer isn’t aware of at the time of the attack. This means, at the time of the major attack on Thursday, Oracle had no idea the vulnerability was being exploited and thus had no way to fix the issue right away.

According to InformationWeek, this isn’t the first time Java has been under attack in the recent months. Last year, over 600,000 Apple Mac computers were infected after another Zero-Day vulnerability was discovered. Java is installed on all sorts of machines ranging from Macs to Windows PCs and even Linux machines. The latest vulnerability found affects all three major operating systems and can be used to ‘execute arbitrary code.’ This means the attackers will be able to run pieces of code on your system that normally wouldn’t be run. Attackers would then have the ability to do any number of things to harm your system and spread the virus out. At this point, it is believed that 34% of all PCs are running a version of Java 7 which in turn could show the vulnerability on up to 400 million systems.

As of Tuesday the 15th, Oracle has released a patch to Java that fixes this vulnerability and relieves the stress on the company just a bit. Apple took a different approach on Friday and updated their operating system OSX to disable Java if not in use within 35 days. Firefox also updated their software so Java wouldn’t run automatically. Now that Java itself has been updated, users should be okay to re-enable Java and continue to use it as normal. Just confirm that it’s updated to the latest version through the Java Automatic Updater and the vulnerability will be patched!

If you have any questions on whether you’re affected or how to keep yourself safe, give IT Resource a call at 616.837.6930 and someone will be able to answer to your questions.
Comments
Post has no comments.
Trackback Link
http://www.itrw.net/BlogRetrieve.aspx?BlogID=11506&PostID=805770&A=Trackback
Trackbacks
Post has no trackbacks.