On Sunday night, Oracle released an emergency update to its Java software, Java 7 Update 11, which fixes a security vulnerability found on Thursday by security specialist Kafeine. When exploited, this vulnerability could lead to security breaches by allowing hackers to access sensitive information and take control of one's computer.
Though the update, which is available on Oracle's Web site, does fix the dangerous vulnerability in Oracle's Java 7, Homeland Security at this point still advises that users hold off on the update and, if they did not disable Java 7 previously, do so now.
The vulnerability found in Oracle's Java software could allow remote, unauthenticated attackers to execute arbitrary code on compromised devices. This could happen simply by visiting a Web site infected with malicious code. According to Kafeine, the French security researcher who first discovered the flaw in Java, the zero-day vulnerability was being exploited on a site that receives "hundreds of thousands of hits daily".
It is for this reason that Homeland Security issued its first warning to disable Java.
Still, the Oracle team worked diligently through the weekend to find a fix for Java 7, initially reporting it would be ready on Tuesday.
Oracle, the creator of Java, confirmed on Friday that a patch fixing 86 vulnerabilities in Java 7 would be available Tuesday, so users would no longer have to browse the web with Java disabled.
Unexpectedly, however, Oracle came through Sunday night with an emergency update to Java 7, which is now available.
Oracle has stated that the update modifies the way Java interacts with Web applications.
"The default security level for Java applets and web start applications has been increased from 'medium' to 'high'... This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed, applets and web start applications would continue to run as always. With the 'high' setting the user is always warned before any unsigned application is run to prevent silent exploitation."
Though this temporary fix has been put into place, it seems not all the work is complete yet. For this reason, the U.S. Department of Homeland Security continues to advise computer users to disable Oracle's Java software, stating that risks are still present even with this emergency update.
"Unless it is absolutely necessary to run Java in web browsers, disable it," the Department of Homeland Security's Computer Emergency Readiness Team said on Monday in a posting on its website.
If this is your first time hearing about the Java vulnerability and the call to disable Java, and you have yet to disable it yourself, please see the article below for a tutorial on disabling Java on any device.