Java 7 - Security Hole

2012-12-14

As we all know, Java is one of the most widely used programming languages across the web. All modern browsers depend on Java plug-ins to run applets and other Java-based code present in a website. Can we be 100% sure that these plug-ins will not run a malicious applet or program from a website we visit? The latest version, Java 1.7, has a deep security hole that attackers could easily use to download a malicious applet or code onto the machine of any user who visits the attacker's website. So anyone running Java 1.7 with the Java plug-in enabled is vulnerable to such threats.

Three months ago, FireEye, an organization that detects software vulnerabilities and prevents upcoming cyber attacks, went public saying that Java 1.7 has a security hole that is being exploited by attackers to perform zero-day attacks. Though some researchers felt that FireEye should have informed Oracle about this vulnerability instead of going public, the news served as a warning to all users who have installed Java 1.7 on their machines.

The Zero Day Attack

A zero-day attack is performed on the very first day a vulnerability is found in an application. This means that the software vendor does not have even a single day to make sure the vulnerability is fixed. Sometimes the attack is performed before the software vendor is even aware of the vulnerability, which leaves them zero days to address the security hole.

A temporary solution

Since the release of Java 1.7, there have been many issues and bug fixes. Now it has been revealed that Java 1.7 is not secure, and it is our responsibility to stay safe from attack. As of now, Oracle has released no patches to address this vulnerability. So, to stay protected, we must either disable the Java plug-in in our web browsers or make sure that we visit only trusted websites. Since JRE 1.7 is not secure yet, it is also recommended to uninstall Java 1.7 and switch back to Java 1.6.

Recently, many zero-day attacks exploiting the vulnerability in Java 1.7 have been identified. Most of the victims were Windows users, but it is just a matter of time until Mac users are attacked. Hence it is better to stay away from Java 1.7 until Oracle releases a security patch to fix this security hole.