Oracle Releases Emergency Java Patch to Block Zero-Day Exploits

Security researchers confirm that the update addresses the vulnerability exploited by two attacks identified earlier this week.

Computerworld: Oracle has released an out-of-band update for Java that addresses a zero-day vulnerability. Earlier this week, researchers went public with news of ongoing attacks that exploited the bug, leading some to recommend that organizations disable Java on their networks. However, security experts from Rapid7 and other firms have confirmed that the update is effective against those attacks. "It appears that it's effective in blocking the exploit," said Rapid7's Tod Beardsley.

Adam Gowdiak, the founder and CEO of Polish security firm Security Explorations, said that he had informed Oracle of the vulnerability in April of this year. He "was glad" that Oracle didn't delay the release of the patch until October, it's next scheduled update for Java. "We hope that out-of-band patches will become more common and will be used whenever a need arises to protect users of Oracle software," he added.




Tags: Java, Oracle, security, patch, update, hack attacks, Zero-Day exploit


0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.