Computerware Blog
Security Vulnerabilities Found in Java Software
There are several practices that you can do in order to keep your PC safe from computer viruses. Not visiting shady websites and keeping your antivirus program up-to-date are proven best practices; although, sometimes these practices are not enough. Sometimes hackers will find vulnerabilities in a trusted application and take advantage of them, this happened recently to Java.
On January 10, the US-CERT group issued an alert saying that Java 7 Update 10 and earlier versions contain a vulnerability. On January 12, Java supplier Oracle issued a statement confirming the discovery. In Oracle's statement, the severity of the original alert was downplayed by saying the vulnerability is limited to only one version of Java. According to Oracle's official statement:
Oracle is aware of a flaw in Java software integrated with web browsers. The flaw is limited to JDK7. It does not exist in other releases of Java, and does not affect Java applications directly installed and running on servers, desktops, laptops, and other devices. A fix will be available shortly.
The nature of the Java vulnerability allows a hacker to remotely execute an arbitrary code through Java from a website that has been set up with the malicious code. This code has been identified as a Trojan horse called Mal/JavaJar-B. What makes this code especially harmful is that it is a zero-day attack virus, which means that it was discovered before developers had a chance to research and patch it.
The extent of the damage that can be done from this code is unclear. Although, we do know this about the nature of hackers; once a vulnerability is discovered, many different malwares and viruses are created that can cause different degrees of damage to your PC. The most extreme viruses will steal your sensitive information, disable your computer, and spread to other PCs and devices on your network.
So far, systems that are vulnerable to this Java Trojan horse have been Windows, Linux and Unix systems. The threat has not yet spread to OS X, and Apple is taking extra measures to block it by issuing updates to its XProtect system. Apple, which is usually immune to major viruses, does have a tough fight ahead of them because OS X is similar to Unix and Java is a cross-platform application.
Most platforms do not come with Java, but it is widely used by several software developers which means there is a strong likelihood that you have it installed on your PC, especially if you do heavy Web browsing. Until everything is patched up, Java does have its own control panel that you can use to adjust the settings. From the control panel you can disable Java altogether, or adjust the security setting from Medium to High or Very High. On January 13, Oracle did release an emergency software update which is supposed to fix the vulnerability. You can download this patch from Oracle's website.
The Java virus has the potential to do serious damage to your PC; so much so that the U.S. Department of Homeland Security is advising all computer users to disable Java on their Web browsers, even after Oracle released an emergency patch. DHS said in a recent alert that, "This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. To defend against this and future Java vulnerabilities, consider disabling Java in Web browsers until adequate updates are available."
Computerware specializes in cyber security. We stay on top of the latest viruses in order to help protect you from threats like this and other Trojans horses, malwares, viruses, and spams that can harm your PC. Call us at (703) 821-8200 and we will perform a free virus scan on your network, and hook you up with a Unified Threat Management security solution that will give your company the strongest defense possible from cyber-attacks. We also offer a remote monitoring service where we take care of software updates and patches in order to help safeguard your system.
Call Computerware at (703) 821-8200 and let us protect your business from cyber-threats.
Comments