Oracle Fixes Security Loopholes with Java Update?

Updated on Oct 6, 2013 by Guest Authors

Computer technology firm Oracle Corporation has just released a Critical Patch Update (CPU) for Java SE, days after several exploits in its software were detected, including the one highlighted in the recent Twitter cyber attacks that left more than 250,000 accounts compromised.

Java 7 Update 10 arrives remarkably earlier than its originally scheduled date of Feb. 19, as the California-based company rushed to address “active exploitation in the wild of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers.”

However, the update may be yet another source of security risk for unsuspecting users: researchers have uncovered a new bug that could allow cybercriminals to bypass a fully patched protection framework designed to counter silent exploits. The CPU, an aggregate of patches for various security vulnerabilities, addresses 50 security issues in the software, and Oracle urges users to install the update as soon as possible.

Although Oracle didn’t specify which zero-day vulnerability the CPU addresses, security researchers say it is clear why the company cut its timetable short: Oracle hastened to fix the flawed update shipped with the previous version of Java, which was, ironically, intended to combat cyber threats to the software. The latest update lets users manually run Java code that doesn’t have digital certification from a trusted SSL certificate provider.

Security Explorations, a security start-up based in Poland, said it had found a new security vulnerability in which unsigned Java code could still be executed on a Windows system even after applying the four Java Control Panel security settings presented below:

– Low

Runs unsigned Java apps in the browser without prompting unless they request access to a specific old version of Java or to protected resources on the system.

– Medium

Runs Java apps in the browser without prompting, provided that the Java version is secured.

– High

The user receives a prompt asking whether to run an unsigned Java app in the browser. The user may update Java if the installed version is below the security baseline.

– Very High

Will not run unsigned (sandboxed) Java apps.

In a Full Disclosure post, Adam Gowdiak of Security Explorations argued that the existing security measures used to configure unsigned Java applications are mere “theory”. He said that, in practice, it is possible to run unsigned Java code even in the absence of security settings configured in the Java Control Panel.

Unfortunately, the “security improvements” brought by Oracle failed to address key security issues. To ward off security threats from this vulnerability in Java, Gowdiak advised users to rely on the Click to Play technology provided by a number of web browsers.

Another good practice to reduce security risks while having Java installed on your computer is to disable the applet in your browser. Turn it on only when you really need it.
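The security level and the in-browser Java switch discussed above are stored in the user's Java deployment.properties file, so both can be checked without opening the Control Panel. The following is an added example, not code from the article or from Oracle: it assumes the property names deployment.security.level and deployment.webjava.enabled from Oracle's deployment configuration documentation (they do not appear in the article), uses a simplified properties parser, and runs on constructed sample file contents.

```python
# Added example: audit Java deployment.properties contents (samples are constructed).
LEVELS = ["LOW", "MEDIUM", "HIGH", "VERY_HIGH"]  # weakest to strictest


def parse_properties(text):
    """Minimal .properties parser: key=value or key:value, '#' and '!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # Split on the first '=' or ':' separator, whichever comes first.
        idx = min((i for i in (line.find("="), line.find(":")) if i != -1), default=-1)
        if idx == -1:
            continue
        props[line[:idx].strip()] = line[idx + 1:].strip()
    return props


def audit(text, minimum="VERY_HIGH"):
    """Return a list of findings; an empty list means both checks passed."""
    props = parse_properties(text)
    findings = []
    level = props.get("deployment.security.level", "UNSET").upper()
    if level not in LEVELS:
        findings.append(f"security level {level!r} is not a known value")
    elif LEVELS.index(level) < LEVELS.index(minimum):
        findings.append(f"security level {level} is below {minimum}")
    # The article's point: the level alone is not enough, so also require
    # that Java content in the browser is switched off (assumed default: on).
    if props.get("deployment.webjava.enabled", "true").lower() != "false":
        findings.append("Java content in the browser is enabled")
    return findings


SAMPLE_WEAK = """\
# constructed sample
deployment.security.level=MEDIUM
deployment.webjava.enabled=true
"""
SAMPLE_HARDENED = """\
! constructed sample
deployment.security.level = VERY_HIGH
deployment.webjava.enabled: false
"""

if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(text) or "no findings")
```

A file that sets only the security level still produces a finding, which matches the advice above to keep Java in the browser disabled rather than trust the slider.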
