Oracle issues fix for Java exploit after DHS warns of its holes

Oracle patched the hole in Java 7 on Sunday that enabled hackers to steal personal information and use your computer to attack other systems.

[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":604319,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"security,","session":"A"}']

The fix comes only after the Department of Homeland Security issued a warning about the hole, urging people to stop using Java until a fix was made available. Cyber-criminals exploited the vulnerability by using websites infected with malware to access Java and get inside a computer system. Hackers could both infect legitimate websites and set up fake websites that looked legitimate in order to trick people into visiting the site. Once there, the virus would work in the background, secretly infecting the system without the victim’s knowledge.

Oracle specifically states that it has changed Java’s security level from medium to high, meaning Java will always ask the user whether it is OK to run the Java web application that is attempting to launch. This is meant to mitigate the “silent attack” approach.

At the time DHS distributed its warning, Apple blacklisted Java completely for any Mac OS X (Mac operating systems) computer to protect its systems. Previously, Apple computers were affected by a hole in Java that enable the Flashback trojan to perform a similar attack. Whether Apple will reinstate Java is unknown.

Oracle notes that in order for the fix to be complete, you must re-enable Java if you previously disabled it, per the DHS’ recommendation.

hat tip New York Times; Oracle buildings image via Mark Coggins/Flickr