Oracle has announced it is preparing an update for the Java software to address a security vulnerability that was identified recently. “A fix will be available shortly,” the company said in a statement following U.S. Department of Homeland Security’s urge to computer users to disable Java from their web browsers.
Company also added that the recently discovered flaw only affects Java 7, the program’s most-recent version, and Java software designed to run on browsers, reports Reuters.
There is still no word on how soon we will be able to see this update, but considering Oracle has acknowledged the problem, it should be coming real soon.
Earlier on Thursday, the exploit was first discovered by a French Researcher, which was followed by an advisory by the US Computer Emergency Readiness Team (US-CERT).
Overview – Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description – Java 7 Update 10 and earlier contain an unspecified remote-code-execution vulnerability. This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits.
Impact – By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.
This advisory was followed by Mozilla’s announcement to add Java 7 Update 9, Java 7 Update 10, Java 6 Update 37, and Java 6 Update 38 to its Firefox add-on block list. Apple also did not take long to disable Java 7 on Macs that already have the plug-in installed.
Java has increasingly become a prime target for hackers. It even surpassed Adobe Reader as the most frequently attacked piece of software. To give you a perspective, Java was responsible for 50pc of all cyber-attacks in 2012 in which hackers exploited software bugs to hack computers.