Software companies seem to be losing their longstanding battle with the hacking community. In a recent blog post, Eric P. Maurice, who is the director of Software Security Assurance for Oracle, reported a devastating new software vulnerability that, while somewhat complex to execute, can result in the complete compromise of a user’s system.
Designated CVE-2016-0603, this flaw manifests itself in the software’s installation routine, which could actually be malware in disguise. To get around this problem, the company, through Mr. Maurice, recommends that you delete any old copies of Java or the installer from your machine, and visit Java.com both to ensure that all previous versions have been completely removed and to get a guaranteed clean copy of the installer. He underscored the point that getting your installer from any other source could result in the total compromise of the user’s system.
This is a widespread, pervasive security flaw that impacts users of Java 6, 7 and 8. Users who currently have version 6 installed, and do not wish to upgrade to version 9, should install 6.113, which is the patched version of the software. Users of version 7 should either upgrade to version 8.73, which is patched, or version 9.
This revelation comes not long after Oracle announced that it was planning to dump its Java browser plug-in entirely, due to numerous security issues with it. Of course, the plug-in itself won’t magically disappear. It is used by literally millions of web developers around the world, but given that support for it is disappearing, those who choose to continue designing their sites around its capabilities are on notice, as are people who use the plug-in to view the content those developers create. In the absence of ongoing support, new security flaws won’t be patched when discovered, which makes surfing the web that much more dangerous.
The best course of action is to be sure your IT staff is on guard and watching for potential threats from this direction. If you have any questions or concerns about your company’s network and its potential vulnerabilities, it never hurts to get a third-party expert opinion. VITECH is here to help you. Contact us for a detailed security audit so you know where your weak points are and how to mitigate any threats.