Oracle has issued an emergency patch for its Java software after a string of high-profile hacking incidents at companies including Apple, Facebook, Twitter, and Microsoft.
Java has become a persistent thorn in the side of major companies. A small number of Apple employees had their computers hacked via a Java exploit in February. Facebook disabled Java after several of its employees were hacked as well.
The U.S. Department of Homeland Security even recently recommended that users stop using Java because of its persistent security problems.
Oracle’s new emergency patch specifically addresses issues affecting Java running in web browsers. The company writes in its latest security alert:
This Security Alert addresses security issues CVE-2013-1493 (US-CERT VU#688246) and another vulnerability affecting Java running in web browsers. These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications. They also do not affect Oracle server-based software.
These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user’s system.