Oracle says Java flaw will be fixed 'shortly'

NEW YORK (AP) - Oracle Corp. says it will soon fix a flaw in its Java software that caught the attention of the U.S. Department of Homeland Security.
In a statement Saturday, the company said it was "aware of a flaw in Java software integrated with web browsers."
The glitch is only in the JDK7 version of the software, and it "does not affect Java applications directly installed and running on servers, desktops, laptops and other devices," the company said.
"A fix will be available shortly," the company added.
Late Thursday, the DHS had advised people to temporarily disable the Java software on their computers to avoid potential hacking attacks. Computer security experts believed that hackers had found a flaw in Java's coding that creates an opening for criminal activity and other high-tech mischief.
Java is a widely used technical language that allows computer programmers to write a wide variety of Internet applications and other software programs that can run on just about any computer's operating system. Oracle bought Java's creator, Sun Microsystems, in 2010.
Interesting stat on modern viruses:
52% - Java is the entry point
28% - Adobe Reader is the entry point (was shocked to learn this)
3% - Microsoft operating system or Internet Explorer is the entry point - yup just 3%
@Howard Beale - yeah, it's funny how no one's screaming about the massive security failures with the non-MS products.... Yet when it's MS, they scream and pitch fits....
 @FormerMarineSgt  @Howard Well when you create a reputation...
With that said Win 7 and Win 8 are very secure (Vista was too but with the ridiculous notifications). IE 10.x is also very secure, but not the best browser out there. The reality is the true old fashioned virus from say 10 or 15 years ago is incredibly rare. Most "viruses" today are malware that the end user willingly installs without realizing what they are doing. Same applies now in the Mac space with more and more malware apps in the wild being written for the platform.
I remember on that list of top four virus culprits Linux was in third place, but I don't remember the percentage - it was low - like 10% or 9% but I was surprised to see it was above Windows.
But again, you build a reputation, hard for people to let it go...
 @Howard Beale  @FormerMarineSgt  @Howard The malware that I last experienced were drive-by downloads, where a website is infected with malware that actively looks for vulnerable clients. These require no user interaction at all (apart from coming to a compromised site).
I read up on one that I caught called zero.access. It writes itself to a portion of the NTFS file system that is reserved for metadata-like descriptors, a place where AV products don't normally look. The level of sophistication on display in these exploits is both impressive and alarming.
 @Howard Beale I believe the stat about Adobe Reader. I know many companies are ditching Adobe Reader for alternative PDF viewers like Foxit Reader.
Anecdotally, I suspect Adobe Reader was the vector that led to a few recent virus infections at work. And just this week, one of my computers got nailed literally the day after I installed Java Runtime as required by my school.
The disappointing thing was that all of the systems that got compromised were running up-to-date AV products!