![]() Many of the attacks targeting Java are being driven by automated attack toolkits. "Network administrators unable to disable Java in Web browsers may be able to help mitigate this and other Java vulnerabilities by restricting access to Java applets." "Starting with Java 7 Update 10, it is possible to disable Java content in Web browsers through the Java control panel applet," US-CERT said. The organization reiterated that point in an advisory issued for the latest Java security update. The United States Computer Emergency Readiness Team ( US-CERT) issued an advisory recommending disabling Java in Web browsers because of the prevalence of attacks. Ongoing attacks targeting Java have prompted calls from some security firms to remove the software from systems where it is not needed. 13, repairing a Java zero-day vulnerability that was being actively targeted by attackers. Oracle also rushed out a security update Jan. "Oracle felt that releasing this Critical Patch Update two weeks ahead of our intended schedule, instead of releasing a one-off fix through a Security Alert, would be more effective in helping preserve the security posture of Java customers." "The popularity of the Java Runtime Environment in desktop browsers, and the fact that Java in browsers is OS-independent, makes Java an attractive target for malicious hackers," Maurice wrote. ![]() Maurice wrote in the company's blog that the company switched the Java security settings to "high" by default for the Java Runtime Environment running in the browser. The bulk of the vulnerabilities, 44 of them, can be exploited on desktops through Java Web Start applications or Java applets, said Eric Maurice, software security assurance director at Oracle. The update affects all currently supported editions of the Java Runtime Environment. Oracle accelerated the release of the patch update because of the "active exploitation in the wild" of one of the vulnerabilities affecting the Java Runtime Environment in desktop browsers, the company said in its advisory issued late Friday. The Oracle Java critical patch update contains fixes for 50 vulnerabilities, 49 of which are remotely exploitable. ![]() The emergency Java SE security fixes comes two weeks before Oracle's regularly scheduled round of updates. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |