Oracle issues emergency patch for new Java bugs

Oracle this week issued a new emergency patch for its Java software, amid reports that hackers were exploiting a new vulnerability in the software.

 

In a security alert, Oracle said the patch also addresses a second vulnerability affecting Java running in web browsers.

 

"These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user's system," it said.

 

It advised users apply the patches soonest "due to the severity of these vulnerabilities, and the reported exploitation of (the exploit) 'in the wild.'"

 

A separate article on CNET said hackers were found using one of the vulnerabilities to infect computers and install malware.

 

"It's been a tough go for Oracle over the past couple of months. Several companies, including Apple and Facebook, have said that hackers infiltrated their computer networks via a vulnerability in the Java plug-in for browsers," it added.

 

A separate article on PC Magazine also noted Oracle had released several emergency updates in the past year because the bugs have been so serious. — TJD, GMA News