Oracle has issued an emergency patch
for Java, its popular web technology. Security researchers last week uncovered a zero-day exploit that is being exploited by hackers in two malware tookits prompting the US government to issue a warning to PC owners. Although the patch addresses certain holes, Reuters
reports that a security analyst still believes
that the platform remains vulnerable.
According to Oracle, the patch addresses remotely exploitable vulnerabilites that only affect Oracle Java 7 versions. The company, of course, recommends that users apply the patch as soon as possible. The patch closes a vulnerability that allowed an attacker to trick an unsuspecting user into visiting a maliciously constructed website. The threat only affects Java in web browsers and not other forms of Java and is executed through malicious browser applets.
To further help Java from being more susceptible to attacks in future, Oracle has adjusted default security settings in Java to 'High.' By taking this step, users who are unknowingly redirected to a malicious website will be notified before an applet is run, giving users the option to deny the applet permission to run. Oracle also says that the Java SE 7 Update 11 also makes it easier for users to disable Java in their browsers through a Java Control Panel.