On Thursday news hit the web like a tactile missile that a Hacker had taken control of Oracle's Java through zero day vulnerability, rendering it susceptible for exploit by mercenary hackers to accomplish nefarious device-compromising acts. The effect was said to be so wide spread that Thursday, The Department of Homeland security issued a security warning that all computers disable Java in their web browsers. Thankfully though, Oracle has confirmed that by Tuesday they hope to release an public Java fix for the vulnerability which caused the widespread disabling of Java warning.
(Haven't figured out how to disable Java? See our link below for a tutorial on disabling Java on all computers and devices.)
"We are currently unaware of a practical solution to this problem," the Department of Homeland Security's Computer Emergency Readiness Team said in a statement on Thursday.
"This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered...to defend against this and future Java vulnerabilities disable Java in Web browsers."
What The Department of Homeland Security noted concerning future possible attacks is certainly true as Thursday, The Next Web reported that the vulnerability was currently being "exploited in the wild".
Java is a program which is found on PCs around the globe, and is comprised of computer language enabling programmers to write software using this universal code, which will run on any computer and any operating system available. So Windows, Mac, Linux--doesn't matter--it speaks to all of them.
This is great of course until you begin discussing hackers finding vulnerabilities in such a widely used program. In fact, Java is so widely utilized that it's no wonder the software has become a playground for hackers. Just last year, Java became the number one most frequently attacked software, according to Kaspersky Lab.
With Java being hacked through a zero day vulnerability, you have a major problem on your hands and Oracle came to quickly realize last Thursday leading to the disable Java warning. Thankfully though, Tuesday should bring an update release by Oracle to fix vunerabilities with a patch and end the need to disable Java in web browsers
At this point you may be wondering, "Who was the hacker who discovered this vulnerability?" set to be patched in an Oracle update to Java release on Tuesday.
The flaw was first discovered by a French security researcher using twitter handle @Kafeine. Kafeine maintains a website called "Malware Don't Need Coffee" and it was here the hacker posted an article stating that the latest version, Java 7 Update 10, had in fact even compromise and that a zero day vulnerability was discovered which was being exploited on a site frighteningly that receives "hundreds of thousands of hits daily" .
Rolling back over my head all the ways I use Java in my own work and life I immediately began to think of the public school systems where as a former teacher I know attendance records, sensitive medical records, and more are all run through a database system which utilizes none other than Oracle's Java .
It's a good thing then, that Homeland Security issued their warning to disable Java when they did or I can only imagine how widespread a security issue this could have been in our nation and around the world.
Equally as quick however, has been the Oracle's Java team work to fix the disabled Java program and prepare it for release on Tuesday.
Late Friday night, Jim Finkle of Reuters, reported that Redwood City, California-based Oracle Corporation released a statement saying that a public fix for the exploit would be "available shortly" as an update to Java was in the works.
This would come none too soon as according to Finkle,
"The Department of Homeland Security said attackers could trick targets into visiting malicious websites that would infect their PCs with software capable of exploiting the bug in Java...it said an attacker could also infect a legitimate website by uploading malicious software that would infect machines of computer users who trust that site because they have previously visited it without experiencing any problems."
Apple, known for it'd unparalleled security in iOS 6, was quick to respond to the initial reports about the Java exploit, automatically disabling the Java 7 plug-in on Macs so users didn't have to be bothered. Kudos to the Apple folks for their diligence in providing the most secure operating systems around-they are serious about protecting their customers!
The Oracle company, creator of Java has confirmed a patch that will fix 86 vulnerabilities in Java 7 update 10 will be Tuesday so users will no longer have to browse the web with Java disabled.
If this is your first time hearing about the Java vulnerability leading to a call to disable Java and you have yet to disable it yourself, please see the article below for a tutorial to disabling Java on any device.
Also, make sure to return to iDigitalTimes on Tuesday where we will post a tutorial for reinstalling the Java Oracle update which vulnerabilities found last week.