Vulnerabilities Continue to Plague Oracle’s Widely-Used Java Software
Oracle’s Java product, which is widely used on Macs, PCs, and smartphones, has been shown to be extremely vulnerable. In mid-February, Oracle released a patch for over fifty accumulated vulnerabilities, some of which had been known and actively exploited for months. Two weeks later, Oracle was forced to issue another set of emergency patches as even more critical vulnerabilities were discovered. Security experts quickly found bugs in the patch for older versions of Java. Since that time, even more security problems have been found in the software, including a major flaw in its latest security measures.
The Department of Homeland Security, through its Computer Emergency Readiness Team (CERT), has taken the unusual step of recommending “disabling Java in web browsers until adequate updates are available. As with any software, unnecessary features should be disabled or removed as appropriate for your environment.” http://www.us-cert.gov/ncas/alerts/TA13-064A
Compounding the issue, Oracle has announced that certain widely installed but older versions of Java will no longer receive patches.
We recommend using only the most recent version of the software with the most recent patches, and with the appropriate safeguards in place. If you don’t need Java, it should be removed from your computers. We are now considering old versions of Java a critical security risk, and are automatically removing all older and unnecessary versions of Java for customers that have their computers covered under a maintenance and monitoring contract.