IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Oracle fixes Java 7 web browser flaw

Software giant issues out-of-cycle patch to fix internet browser Java vulnerabilities.

Search windows

Software giant Oracle has finally released a patch to fix an internet browser glitch that left the systems of millions of web users at risk from malware.

The US government warned end users to be on their guard against Java 7 zero-day vulnerabilities earlier this week, and urged them to disable Java in their web browsers as a precaution.

The bugs let Java applets carry out arbitrary operating system commands without permission, which could allow vulnerable systems to be infected with malware.

Oracle would have been irresponsible not to have done this.

The issue affected browsers that use the Java 7 plug-in, including Mozilla Firefox, Google Chrome, Internet Explorer and Apple Safari.

The vendor giant announced the patch in a post on the Oracle Software Security Assurance blog yesterday evening, and instructed users to apply it as soon as possible.

"Oracle has just released Security Alert CVE-2012-4681 to address 3 distinct, but related, vulnerabilities and one security in-depth issue affecting Java running in desktop browsers," explained the post.

"If successfully exploited, these vulnerabilities can provide a malicious attacker the ability to...install malware, including Trojans, onto the targeted system."

When news of the vulnerabilities first came to light this week, industry watchers feared Oracle might wait until the next scheduled Java patch, due on 16 October, to issue a fix.

However, the blog post suggests the severity of the glitch prompted the firm to issue an out-of-cycle patch.

"The technical details of these vulnerabilities are widely available on the internet and Oracle has received external reports that [they are] being actively exploited in the wild," the post concluded.

Speaking to IT Pro, Bob Tarzey, service director at market watcher Quocirca, said Oracle was right to act when it did.

"When Oracle acquired Sun, Java was part of the deal," said Tarzey. "Oracle is responsible for fixing vulnerabilities to keep Java users as safe as possible [and] it would have been irresponsible not to have done this."

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Kyndryl strikes up new delivery partnership with Oracle
IT infrastructure

Kyndryl strikes up new delivery partnership with Oracle

24 Jun 2022
Activation playbook: Deliver data that powers impactful, game-changing campaigns
Whitepaper

Activation playbook: Deliver data that powers impactful, game-changing campaigns

11 Apr 2022
The digital marketer’s guide to contextual insights and trends
Whitepaper

The digital marketer’s guide to contextual insights and trends

11 Apr 2022
Automating the modern data warehouse
Whitepaper

Automating the modern data warehouse

21 Mar 2022

Most Popular

Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
FCC commissioner urges Apple and Google to remove TikTok from app stores
data protection

FCC commissioner urges Apple and Google to remove TikTok from app stores

29 Jun 2022