Web security firm FireEye has announced that internet users should disable Oracle’s Java software while utilising web browsers, due to the discovery of an inherent flaw in Java version 7 that allows hackers to gain access to personal computer systems and wreak havoc.
FireEye announced on its blog that the Java hack used the programme to bypass security measures with the specific purpose of spreading malware. On 26 August Atif Mushtaq noted that the exploit appeared to be in its early stages of circulation but that it wouldn’t be long before a wider circle of hackers started to use it:
“It’s just a matter of time that a POC will be released and other bad guys will get hold of this exploit as well,” he said.
Oracle claims that its incredibly versatile programming language runs on no fewer than 3 billion devices worldwide, including millions of smartphones. It is an essential tool for making sites and applications run without the need for developers to write specific code for different operating systems.
Despite its versatility and accessible nature, Java has recently come under scrutiny for its vulnerability to hacks such as this, especially in the mobile sector. Increasingly, developers of smartphone applications and games have been offering Java jobs to programming experts to minimise the security risks in using the code in their products.
FireEye also noted with disappointment that Oracle itself had not commented on the discovered security flaw and had made no attempt to discuss the possibility of an emergency patch to plug the breach. The Java creator announced recently that it would be moving to quarterly fixes for the programme, meaning that users shouldn’t expect a scheduled update until October this year.
Another cyber security firm, Rapid7, claims that no matter how speedy Oracle’s response is, there is still a significant amount of danger inherent in this new exploit. The company claims that even when known security issues are announced and updates are issued to combat them, only 35% of users will actively install these updates. The majority of users will simply assume that the problem will not affect them or will ignore the security threat entirely. Rapid7 reported that even among the users who do choose to update, nearly half take around 60 days to do so, which is plenty of time for malicious hackers to access their unprotected systems.
Even though Oracle’s response to the situation has been underwhelming thus far, the company has shown signs that it is taking the issue of cyber security more seriously. Presumably hoping to avoid similar bad press for Java, more Oracle jobs dealing with the programming language have become available as the technology firm tries to shore up its vulnerabilities.