Industry News

Oracle releases fix for Java Zero-Day Vulnerabilities

Oracle has released an emergency security alert to patch the controversial CVE-2012-4681 vulnerability and two others in Java 7 running in web browsers on desktops. Standalone Java desktop applications and Java running on servers were not vulnerable.

“Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2012-4681 `in the wild,’ Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.” advised the company.

Image Credit: Oracle

In the past few days, the security community has been informing users of these vulnerabilities and firmly advised them to uninstall Java from their browsers. Bitdefender Labs estimated that nearly 3 billion people were vulnerable to these bugs and HotForSecurity kept readers informed of developments from day one here and here.

Oracle explains in the Security Alert that “these vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability.”

This patch protects Internet users against further exploitation of these three vulnerabilities that have already been used in targeted attacks and were available for purchase on underground forums in the Metasploit tool and Blackhole exploit kit for all those willing to pay for a cyber-attack gizmo.

Unfortunately, some computer users will remain vulnerable to these and other tools. Many people fail to update their software despite loud media and security industry information campaigns.

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.


Click here to post a comment