Oracle’s Java platform is installed on more than one billion user computers worldwide, and three billion mobile phones run the software too.
With an ecosystem of roughly nine million certified Java developers, the new vulnerability is a headache for Oracle given Java’s wide use across many industries and datacenters.
Yesterday (Thursday), the US-CERT Vulnerability Notes Database, a service that provides timely information about software vulnerabilities, issued a warning stating that “Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.”
Numerous reports worldwide indicate that the flaw is already being exploited in the wild and has been incorporated into “exploit kits”, packaged attack toolkits that make it easier for criminals to compromise users’ computers and any other machine running an affected version of Java.
Exploits are already on sale and available for download, reportedly at US$700 for a quarter or US$1,500 for a year’s subscription.
Because Oracle has yet to issue a fix, the only mitigation many experts suggest at this stage is for affected users to disable Java (or uninstall it) on their computers.
US-CERT rates the impact of this vulnerability as severe, stating that “by convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system”. The attack vector, in other words, is the Java browser plugin: a victim need only load a malicious web page.
US-CERT also sees no vendor solution at present and concurs with experts in suggesting: “We are currently unaware of a practical solution to this problem. Please consider the following workarounds: Disable Java in web browsers.”
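Before disabling or removing Java, an administrator will want to know which machines actually fall in the range US-CERT names, “Java 7 Update 10 and earlier”. The following Python script is an added example written for this article, not code from US-CERT or Oracle. It parses the first line of `java -version` output (which the JVM prints to stderr), compares the version against 1.7.0_10 exactly as the advisory wording reads, and returns a verdict. The sample outputs at the bottom are constructed for illustration, not captured from any real system.

```python
"""Check whether a reported Java version falls in the range US-CERT flagged:
"Java 7 Update 10 and earlier". Added example; not from the article or from Oracle."""
import re
import subprocess

# Highest version US-CERT's note calls out as vulnerable: 1.7.0_10 (Java 7 Update 10).
LAST_AFFECTED = (1, 7, 0, 10)

# Matches the first line that `java -version` prints, e.g. java version "1.7.0_10".
VERSION_RE = re.compile(r'(?:java|openjdk) version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(output):
    """Return (major, minor, patch, update) from `java -version` text, or None if absent."""
    m = VERSION_RE.search(output)
    if not m:
        return None
    major, minor, patch, update = m.groups()
    # A version string without an "_NN" suffix is treated as update 0.
    return (int(major), int(minor), int(patch), int(update or 0))


def is_affected(version):
    """True when the version is 1.7.0_10 or earlier, taking the advisory wording literally."""
    return version <= LAST_AFFECTED


def assess(output):
    """Turn raw `java -version` text into a verdict a helpdesk script can act on."""
    v = parse_java_version(output)
    if v is None:
        return "unknown: could not parse a Java version"
    label = "%d.%d.%d_%02d" % v
    if is_affected(v):
        return "affected: %s is Java 7 Update 10 or earlier; disable the browser plugin" % label
    return "not in the affected range: %s" % label


def installed_java_output():
    """Run `java -version`; it writes to stderr, so capture both streams.
    Returns "" when no java binary is on PATH."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True, text=True)
    except FileNotFoundError:
        return ""
    return proc.stderr + proc.stdout


# Constructed sample outputs (not real captures) covering the boundary cases.
SAMPLES = {
    "at_boundary": 'java version "1.7.0_10"\nJava(TM) SE Runtime Environment (build 1.7.0_10-b18)\n',
    "earlier_update": 'java version "1.7.0_09"\n',
    "no_update_suffix": 'java version "1.7.0"\n',
    "later_update": 'java version "1.7.0_11"\n',
    "garbage": "bash: java: command not found\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, "->", assess(text))
    live = installed_java_output()
    print("installed ->", assess(live) if live else "no java on PATH")
```

Two caveats a practitioner should keep in mind. First, `java -version` reports the JRE first on PATH, which is not necessarily the one the browser plugin loads; on Windows, the Java Control Panel (which in Java 7 Update 10 gained a setting to disable Java content in the browser) is the authoritative place to check and to apply the US-CERT workaround. Second, the comparison follows the advisory text literally, so any release numbered below 1.7.0_10 is reported as in range; the page gives no finer-grained version information than that.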
HumanIPO has contacted Oracle South Africa but has yet to receive official confirmation from the global software company regarding a fix or the development of one.
This report will be updated as soon as Oracle officially communicates a solution.
Meanwhile, a Java expert in South Africa has elaborated on the threat.