News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
Hardware
Is your endpoint data protected?
Average Rating:
Rate this article:  
Oracle Rushes Out New Java Zero-Day Patches

Oracle Rushes Out New Java Zero-Day Patches
By Jennifer LeClaire

Share
Share on Facebook Share on Twitter Share on Linkedin Share on Google Plus

"The smart and safe approach to using Java is to use a two-browser approach so that you have one browser without Java for your daily Web surfing and use a different browser strictly for the use of Java," said security researcher Jerome Segura. "An even safer approach for enterprises is to use dedicated virtual machines for Web browsing with Java."
 



Oracle just rolled out a new Database Appliance, complete with virtualization, but news of more Java security woes may be overshadowing the announcement. Oracle has released a new Java update to patch zero-day vulnerabilities.

According to Oracle, the Security Alert addresses security issues CVE-2013-1493 and another vulnerability affecting Java running in web browsers. Oracle was quick to point out that the vulnerabilities do not apply to Java running on servers, standalone Java desktop applications or embedded Java applications. They also do not affect Oracle server-based software.

"These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password," Oracle said in its security alert. "For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user's system."

Skirting Java

"Recent attacks against Apple, Facebook and Twitter all used Java zero-days to penetrate the companies' networks and install Remote Administration Trojans," Malwarebytes researcher Jerome Segura told us. "What is important to realize is that no matter how up-to-date those systems were, even with anti-virus and firewall, they still got compromised. This shows just how dangerous Web exploits and zero-days are."

The most common advice is to remove or disable Java however, noted Segura, however many applications depend on Java and removing it would be a problem.

"The smart and safe approach to using Java is to use a two-browser approach so that you have one browser without Java for your daily Web surfing and use a different browser strictly for the use of Java," he said. "An even safer approach for enterprises is to use dedicated virtual machines for Web browsing with Java, and other plug-ins, for that matter."

Oracle Feeling Java Heat

Oracle has been working hard to keep Java patched in 2013. Oracle patched at least 55 flaws in Java in February. In January, Oracle offered a Java 7 update that fixed zero-day flaws that were being actively exploited in the wild.

"The company intended to include a fix for CVE-2013-1493 in the April 16, 2013, Critical Patch Update for Java SE (note that Oracle recently announced its intent to have an additional Java SE security release on this date in addition to those previously scheduled in June and October of 2013)," Eric Maurice, Oracle's director of Software Assurance, wrote in a blog post. "However, in light of the reports of active exploitation of CVE-2013-1493, and in order to help maintain the security posture of all Java SE users, Oracle decided to release a fix for this vulnerability and another closely related bug as soon as possible through this Security Alert."

Oracle and Maurice are feeling the heat. He said Oracle is committed to accelerating the release of security fixes for Java SE, particularly to help address the security-worthiness of Java running in browsers. The quick release of this Security Alert, the higher number of Java SE fixes included in recent Critical Patch Updates, he said, and the announcement of an additional security release date for Java SE -- the April 16 Critical Patch Update for Java SE -- are examples of that commitment.
 

Tell Us What You Think
Comment:

Name:



Protect 100% of your Data The prevalence of laptops and mobile devices in the enterprise makes corporate data increasingly vulnerable to loss and breach. And yet, workforce productivity is now inextricably linked to mobility. Click here to access the white paper "Top 10 Endpoint Backup Mistakes" to learn more about how to confidently protect data across platforms and devices while also providing features designed to enhance the end user experience.


 Hardware
1.   Acer Desktop Box Rides Chrome Wave
2.   Feds OK IBM-Lenovo x86 Server Deal
3.   New Lenovo PCs for Business Users
4.   Price Wars Hitting Laptop Market?
5.   Have Net Routers Reached The Limit?


advertisement
Feds OK IBM-Lenovo x86 Server Deal
Makes Lenovo a player for data centers.
Average Rating:
Acer Desktop Box Rides Chrome Wave
Chromebox targets schools, small biz.
Average Rating:
Acer Chromebook Packed with Power
13-inch screen on under-$300 devices.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Researchers Find Malicious Android Apps Can Hack Gmail
A new study shows that a weakness in the Android mobile operating system can be used to steal sensitive, personal info from unwitting users. Gmail proved to be the easiest app to attack; Amazon, the hardest.
 
UPS Stores in 24 States Hit by Data Breach
Big Brown has been breached. UPS said that about 105,000 customer transactions at 51 of its UPS Store locations in 24 states could have been compromised between January and August.
 
Cost of Target Data Breach: $148 Million Plus Loss of Trust
The now infamous Target data breach is still costing the company -- and its shareholders -- plenty. In fact, the retailing giant forecast the December 2013 incident cost shareholders $148 million.
 

Enterprise Hardware Spotlight
Acer's New Desktop Box Rides the Chrome OS Wave
Filling out its Chrome OS line, Acer is following the introduction of a larger Chromebook line earlier this month with a new tiny $180 desktop Chromebox and also a smaller Chromebook.
 
Feds OK $2.3 Billion IBM-Lenovo x86 Server Deal
IBM and Lenovo are celebrating U.S. approval of their x86-based server deal, having cleared some major security hurdles. The deal makes Lenovo a major player for enterprise data centers.
 
Three New Lenovo PCs Aimed at Business Users
With businesses wanting computing solutions that do more for less money, Lenovo has unveiled three new desktop PCs that it says offer solid computing at a budget-minded price.
 

Mobile Technology Spotlight
Screen Shortage Briefly Puts Brakes on iPhone 6
RAM? Check. Antenna switch? Check. Screen? Oops. Parts suppliers for Apple have found themselves facing a shortage of screens for the new iPhone 6 as next month's release date for the new smartphone looms.
 
Bounty Offered to Coders for Oculus Rift Bugs
Coders who find bugs in software for the Oculus Rift VR immersive headset could receive a reward of at least $500 under Facebook's White Hat bounty program. Facebook acquired Oculus in March.
 
Google Glass Adds Voice Access to Phone Contacts
The latest update to Google Glass will let users access their top 20 phone contacts with voice commands alone. A user can then choose a phone call, Google hangouts, e-mail or text messaging.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.