Oracle patches major Java 7 security vulnerability

Oracle has issued a patch that fixes a major vulnerability in Java 7, which could let hackers access a user's system.

 
The Java security hole meant that any malicious website carrying specific code could exploit the vulnerability remotely over a network, without needing a username or password, making untrusted websites a high risk.
 
Oracle's solution is to change the default Security Level for Java from Medium to High, which means the user will be prompted for approval before any unsigned Java applet or Java application runs, preventing rogue code from running automatically in the background.
 
Oracle highlighted that this vulnerability was “severe,” details on how to exploit it were publicly available, and there were numerous reports of it being actively exploited. It said it strongly recommends users apply the latest Java updates as soon as possible.
 
Despite the patch, some security experts believe the problems may persist, as hackers can trick users into believing a Java applet comes from an authentic source, encouraging them to approve and run it and thereby put their system at risk.
 
The US Computer Emergency Readiness Team (US-CERT) of the US Department of Homeland Security warned that users should disable Java unless it is absolutely necessary, even after patching to the latest version.