Oracle fixes Java 7 web browser flaw

Software giant issues out-of-cycle patch to fix internet browser Java vulnerabilities.

Search windows

Software giant Oracle has finally released a patch to fix an internet browser glitch that left the systems of millions of web users at risk from malware.

The US government warned end users to be on their guard against Java 7 zero-day vulnerabilities earlier this week, and urged them to disable Java in their web browsers as a precaution.

The bugs let Java applets carry out arbitrary operating system commands without permission, which could allow vulnerable systems to be infected with malware.

Oracle would have been irresponsible not to have done this.

The issue affected browsers that use the Java 7 plug-in, including Mozilla Firefox, Google Chrome, Internet Explorer and Apple Safari.

The vendor giant announced the patch in a post on the Oracle Software Security Assurance blog yesterday evening, and instructed users to apply it as soon as possible.

"Oracle has just released Security Alert CVE-2012-4681 to address 3 distinct, but related, vulnerabilities and one security in-depth issue affecting Java running in desktop browsers," explained the post.

"If successfully exploited, these vulnerabilities can provide a malicious attacker the ability to...install malware, including Trojans, onto the targeted system."

When news of the vulnerabilities first came to light this week, industry watchers feared Oracle might wait until the next scheduled Java patch, due on 16 October, to issue a fix.

However, the blog post suggests the severity of the glitch prompted the firm to issue an out-of-cycle patch.

"The technical details of these vulnerabilities are widely available on the internet and Oracle has received external reports that [they are] being actively exploited in the wild," the post concluded.

Speaking to IT Pro, Bob Tarzey, service director at market watcher Quocirca, said Oracle was right to act when it did.

"When Oracle acquired Sun, Java was part of the deal," said Tarzey. "Oracle is responsible for fixing vulnerabilities to keep Java users as safe as possible [and] it would have been irresponsible not to have done this."

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Recommended

Ryuk behind a third of all ransomware attacks in 2020
Security

Ryuk behind a third of all ransomware attacks in 2020

29 Oct 2020
REvil hacking group says it has made more than $100m in a year
Security

REvil hacking group says it has made more than $100m in a year

29 Oct 2020
36 billion personal records exposed by hacks in 2020 so far
Security

36 billion personal records exposed by hacks in 2020 so far

29 Oct 2020
Trump website defaced in second successive cyber breach
Security

Trump website defaced in second successive cyber breach

28 Oct 2020

Most Popular

Do smart devices make us less intelligent?
artificial intelligence (AI)

Do smart devices make us less intelligent?

19 Oct 2020
Politicians need to stop talking about technology
Policy & legislation

Politicians need to stop talking about technology

21 Oct 2020
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020