Oracle recently discovered that hackers have been exploiting two different vulnerabilities in Java running in web browsers and, in response, has issued an emergency patch that should be capable of dealing with the problem.
According to a security alert released by Oracle, “These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity and confidentiality of the user’s system.”
Hackers were recently discovered to be using one of the vulnerabilities to access users’ computers and install McRAT malware. Once installed, this malware works to contact command, control servers and copy itself into all files in Windows systems. The interesting thing is that Oracle discovered these vulnerabilities only days after scheduling its last zero-day vulnerability in February. Instead of waiting and putting the patch in its quarterly April update, Oracle decided to issue the emergency patch.
“In order to maintain the security posture of all Java SE users, Oracle decided to release a fix for this vulnerability and another closely related bug as soon as possible,” stated Eric Maurice, Software Security Assurance Director for Oracle, in a recent blog post.
Oracle has had a hard time catching a break as of late. A lot of companies, including Apple and Facebook, have stated that hackers broke into their computer networks through vulnerabilities in the Java browser plug-in. According to the company, the most recent vulnerabilities are only applicable to Java running in web browsers, meaning Java servers, standalone Java desktop applications or embedded Java applications are unaffected. In addition to that, Oracle server-based software is also unaffected.
While things like this can put computer users on edge, just remember that if your computer is affected by a virus, trojan or malware, the easiest way to fix it is to contact ComputerServiceNow.com. ComputerServiceNow.com has hundreds of technicians all across the country that specialize in malware and virus removal and who can be there to fix or troubleshoot any computer problem you may have, no matter what.