Oracle has issued an emergency patch for its Java software after a string of high-profile hacking incidents at companies including Apple, Facebook, Twitter, and Microsoft.
Java has become a persistent thorn in the side of major companies. A small number of Apple employees had their computers hacked via a Java exploit in February. Facebook disabled Java after several of its employees were hacked as well.
The U.S. Department of Homeland Security even recently recommended to stop using Java because of its persistent security problems.
Oracle’s new emergency patch specifically addresses issues affecting Java running in web browsers. The company writes in its latest security alert:
This Security Alert addresses security issues CVE-2013-1493 (US-CERT VU#688246) and another vulnerability affecting Java running in web browsers. These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications. They also do not affect Oracle server-based software.
These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user’s system.
Sewing patch on jeans via cosma/Shutterstock