{"id":637,"date":"2013-01-14T12:08:14","date_gmt":"2013-01-14T17:08:14","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=637"},"modified":"2013-01-14T12:08:14","modified_gmt":"2013-01-14T17:08:14","slug":"oracle-releases-java-fix-but-security-concerns-remain","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/01\/14\/oracle-releases-java-fix-but-security-concerns-remain\/","title":{"rendered":"Oracle releases Java fix, but security concerns remain"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/www.pcworld.com\/article\/2025178\/oracle-releases-java-fix-but-security-concerns-remain.html\"><img decoding=\"async\" alt=\"\" src=\"http:\/\/nccomputertech.files.wordpress.com\/2013\/01\/javalogo-100021305-large.png\" \/><\/a><\/p>\n<p>Oracle released Java 7 update 11 (Java 7u11) on Sunday following a warning from the U.S. Computer Emergency Readiness Team (US-CERT) advising users to disable the software due to a serious and previously unknown security vulnerability. Even with the available fix, CERT, part of the Department of Homeland Security, is still advising users to disable Java on their systems unless running the software is \u201cabsolutely necessary.\u201d<br \/>\nThe so-called Zero Day flaw was actively being used to secretly install malware on systems of unsuspecting victims and the exploit affected Windows, Mac, and Linux users, according to CERT&#8217;s security bulletin. The vulnerability affects versions of Java 7, and does not apply to Java 6.<br \/>\nWhat Java 7u11 does<br \/>\nThe biggest change for users with the newest version of Java is that now all unsigned Java applets and Web start applications are click-to-run. This means you must explicitly authorize Java to run in your browser nearly every time you come across Java on the Web. Java is a cross-platform programming language often used online for Web content and applications such as games and interactive charts. Oracle&#8217;s vulnerability fix affects only users running Java in their browsers, and does not apply to servers, desktop applications, or embedded Java apps.<br \/>\nOracle is also calling on users to update their systems as soon as possible. \u201cDue to the severity of these vulnerabilities,\u201d Oracle&#8217;s security alert reads. \u201cOracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.\u201d<br \/>\nOracle&#8217;s latest Java snafu is prompting calls by some to completely rewrite Java from the ground up due to its popularity as a way to attack PCs. The latest Java vulnerability comes close to five months after Oracle released updates to Java for three major security holes in late August, two of which were actively being used by malicious hackers.<br \/>\nYou can download the latest Java update from Oracle&#8217;s Website. If you&#8217;d like to follow CERT&#8217;s advice and disable Java, Oracle has a step-by-step instruction guide for Windows users. If you need Java and can&#8217;t turn it off, check out Computerworld&#8217;s tutorial on how to be as safe as possible with Java.<br \/>\nFull Story: <a href=\"http:\/\/www.pcworld.com\/article\/2025178\/oracle-releases-java-fix-but-security-concerns-remain.html\" target=\"_blank\">Oracle releases Java fix, but security concerns remain | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Oracle released Java 7 update 11 (Java 7u11) on Sunday following a warning from the U.S. Computer Emergency Readiness Team [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[2,5,7,9,10,11],"tags":[341,583,1178],"class_list":["post-637","post","type-post","status-publish","format-standard","hentry","category-apple","category-microsoft","category-security","category-software","category-technology","category-windows","tag-exploit","tag-java","tag-vulnerability"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-ah","jetpack-related-posts":[{"id":5980,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/15\/future-java-7-security-patches-will-work-on-windows-xp-despite-end-of-official-support\/","url_meta":{"origin":637,"position":0},"title":"Future Java 7 security patches will work on Windows XP despite end of official support","author":"NCCT","date":"July 15, 2014","format":false,"excerpt":"Oracle has dispelled rumors that the upcoming security update for Java 7 and those it will release in the future might not work on Windows XP. \u201cWe expect all versions of Java that were supported prior to the Microsoft de-support announcement to continue to work on Windows XP for the\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7766,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/03\/10\/playing-minecraft-no-longer-makes-your-pc-a-juicy-target-for-hackers\/","url_meta":{"origin":637,"position":1},"title":"Playing Minecraft no longer makes your PC a juicy target for hackers","author":"NCCT","date":"March 10, 2015","format":false,"excerpt":"The folks at Microsoft-owned Mojang just gave PC users one more reason to uninstall Java from their systems. The Minecraft launcher for PC now installs and manages its own instance of Oracle\u2019s software. The version of Java the new Minecraft launcher uses is contained within the game\u2019s directory\u2014meaning you no\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7751,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/03\/06\/more-iot-insecurity-this-blu-ray-disc-pwns-pcs-and-dvd-players\/","url_meta":{"origin":637,"position":2},"title":"More IoT insecurity: This Blu-ray disc pwns PCs and DVD players","author":"NCCT","date":"March 6, 2015","format":false,"excerpt":"For more than a decade, malicious hackers have used booby-trapped USB sticks to infect would-be victims, in rare cases to spread virulent, self-replicating malware on air-gapped computers inside a uranium enrichment plant. Now, a security researcher says he has found a way to build malicious Blu-ray discs that could do\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5916,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/08\/attack-on-dailymotion-redirected-visitors-to-exploits\/","url_meta":{"origin":637,"position":3},"title":"Attack on Dailymotion redirected visitors to exploits","author":"NCCT","date":"July 8, 2014","format":false,"excerpt":"Attackers injected malicious code into Dailymotion.com, a popular video sharing website, and redirected visitors to Web-based exploits that installed malware. The rogue code consisted of an iframe that appeared on Dailymotion on June 28, researchers from security vendor Symantec said Thursday in a blog post. The iframe redirected browsers to\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8767,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/12\/07\/security-vulnerabilities-found-in-support-software-from-lenovo-toshiba-and-dell\/","url_meta":{"origin":637,"position":4},"title":"Security vulnerabilities found in support software from Lenovo, Toshiba, and Dell","author":"NCCT","date":"December 7, 2015","format":false,"excerpt":"By Lucian Constantin | PCWorld The number of vulnerabilities discovered in technical support applications installed on PCs by manufacturers keeps piling up. New exploits have been published for flaws in Lenovo Solution Center, Toshiba Service Station and Dell System Detect.The most serious flaws appear to be in Lenovo Solution Center\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8907,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/05\/04\/huge-number-of-sites-imperiled-by-critical-image-processing-vulnerability-updated\/","url_meta":{"origin":637,"position":5},"title":"Huge number of sites imperiled by critical image-processing vulnerability [Updated]","author":"NCCT","date":"May 4, 2016","format":false,"excerpt":"By Dan Goodin | Ars Technica Attack code exploiting critical ImageMagick vulnerability expected within hours. A large number of websites are vulnerable to a simple attack that allows hackers to execute malicious code hidden inside booby-trapped images. The vulnerability resides in ImageMagick, a widely used image-processing library that's supported by\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/637","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=637"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/637\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=637"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=637"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=637"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}