Some of the things that computer users need to put up with are viruses and malwares. If you have been using your computer for quite some time now, then chances are high that you have been affected by these malicious contents before. In fact, some of you may even have viruses and malwares in your computer right now, you just don't know that it's there. With that said, there will always be new viruses and malwares which will be released into the wild in order to wreak havoc into our computer systems. In a new report, it has been discovered that a new Java bug can potentially leave billions of computers vulnerable to malware.
Java is a platform component that is considered to be essential to pretty much every functioning computer. Even if you don't know it, there should be an application or two that relies on Java. Today as ComputerWorld reported, a security researcher, named Adam Gowdiak, renowned for finding Java exploits and vulnerabilities has discovered a new critical vulnerability in all currently-supported versions of Oracle. It is a zero-day threat which means that it uses a previously unknown vulnerability in Java and the developers will have zero days to address and patch the bug. The bug can be used to hijack a computer system which has a Java installed and install all sorts of malware within. Considering Oracle's installed base, this means that billions of computer are at risk at this point.
Whether you are in a Windows PC or Mac, if you have installed Java, your system is potentially exposed to the risk. For Mac however, those who are running OS X 10.6, aka Snow Leopard, or earlier are the only the computers that are exposed to the risk out of the box. This is because Snow Leopard is the last OS which is pre-bundled with Java. All supported versions of Java, including Java 5, Java 6 and Java 7, have the bug.
Gowdiak's track record when it comes to finding Java vulnerabilities is quite stellar. Just this year, he was able to report dozens of bugs to Oracle. One of the bugs has been discovered by hackers which was used to launch widespread attacks in August. It was patched by Oracle since then by shipping an emergency Java update. As of now, Gowdiak said that the discovered vulnerability poses a more serious threat than the ones which were exploited so far. This can be attributed to the fact that it affects all currently supported versions of Java, even the developer preview versions.
However, now is not the time to hit that panic button yet. There is much less urgency that surrounds this one vulnerability because there has been no indication so far that it has been discovered by hackers. There has been no active attacks recorded as of now. This has been confirmed by Oracle themselves. Hopefully, Oracle will be able to issue a patch sooner instead of later, before some mischievous individual discovers the bug. As of the meantime, it is advised that you disable Java plug-ins in your browsers until Oracle sends a patch for the Java bug. [via RedmondPie]Contact Us for News Tips, Corrections and Feedback