- dotTech - http://dottech.org -
Oracle issues Java update to fix latest exploit, but security experts say to still stay away
Posted By Ashraf On January 14, 2013 @ 7:02 PM In Linux,Mac OS X,Windows | 10 Comments
You know that latest Java exploit  that had the world up in arms, with Firefox and Apple blocking Java and U.S. Department of Homeland Security recommending people disable Java ? Yeah, well, Oracle has issued updates to Java to address and plug the exploit.
According to update notes released by Oracle yesterday, Java 7u11, Java 6u37, Java 5u38, and Java 4u40 are the latest versions of Java 7, 6, 5, and 4 (respectively), and these updates contain fixes for the most recent exploit discovered in Java. Anyone and everyone that still has Java installed should update to the latest version to keep safe from this exploit. If you are unsure as to how to update, simply head over to Java’s website  and manually download Java 7u11, the latest version. Versions for Windows, Mac OS X, and Linux are available.
Aside from patching the above-referenced exploit, this new update in Java also changes the default security setting from ‘Medium’ to ‘High’. This means, going forward, all unsigned Java applets will be required to gain explicit permission from users before they run.
Even though Oracle has released a timely update to this particular issue, some security experts are still recommending people stay away from Java due to the fact that Java is regularly targeted with new exploits:
Seemingly reinforcing the voices to not keep Java on your machine is a stat by Kaspersky that claims 50% of software hacks last year were via Java and a stat by Sophos that says 90% of all web attacks were conducted via Java last year.
If you have yet to uninstall or disable Java and want to know how, read the following guides by dotTech:
Article printed from dotTech: http://dottech.org
URL to article: http://dottech.org/93274/oracle-issues-java-update-to-fix-latest-exploit-but-security-experts-say-to-still-stay-away/
URLs in this post:
 Image: http://cdn.dottech.org/media/2013/01/java_update.png
 latest Java exploit: http://dottech.org/92636/new-java-zero-day-exploit-hits-the-internet-is-massively-exploited-in-the-wild-disable-java-now/
 Firefox and Apple blocking Java and U.S. Department of Homeland Security recommending people disable Java: http://dottech.org/92964/firefox-and-apple-have-blocked-java-while-u-s-homeland-security-recommends-everyone-disable-it-because-of-vulnerabilities/
 Java’s website: http://www.java.com/en/
 How to disable Java for Firefox, Chrome, Internet Explorer, or Opera: http://dottech.org/78082/how-to-uninstall-remove-java-from-firefox-chrome-internet-explorer-opera/
 How to uninstall Java on Windows (XP, Vista, Windows 7, and Windows 8): http://dottech.org/78080/how-to-remove-java-from-windows-guide/
 BBC: http://www.bbc.co.uk/news/technology-21011669
 Washington Post: http://www.washingtonpost.com/business/technology/oracle-patches-java-but-concerns-remain/2013/01/14/170df924-5e8a-11e2-9940-6fc488f3fecd_story.html
 ArsTechnica: http://arstechnica.com/security/2013/01/oracle-patches-widespread-java-zero-day-bug-in-just-three-days-that-is/
 NakedSecurity: http://nakedsecurity.sophos.com/2013/01/13/oracle-releases-cve-2013-0422-patch-for-java/
© 2008-2012 dotTech.org | All content is the property of its rightful owner.