Java is an extremely common software that is used around the world by thousands of people. If you keep up with tech news, you probably know that the Java platform is also particularly insecure.
Recently, the insecurity was found to be such a threat that the United States Department of Homeland security has instructed people who have it installed on their computer to have it disabled. Apple also responded to the security threat by having the Java plug-in blocked on their OS X.
The Main Danger
The highest risk group of the Java security problems is to businesses not consumers. This is because many businesses use Java as a platform for their desktop and web-based applications. This doesn’t mean that it isn’t a threat to normal consumers. Java is used in hundreds of different applications. There are even some web pages that have Java built into their website, which require you to have the latest version in order to properly view it.
Java has had security problems for a long time. Oracle has had to release frequent updates to Java in order to keep up with its security problems. Most recently, update 10 for Java 7 had a serious vulnerability. It allowed attackers to execute code of their choice on the system. This could lead to some serious damage to the victim’s computer as well as substantial information loss.
The highest risk group of the Java security problems is to businesses not consumers.
After people found out about the danger of update 10 for Java 7, most were very eager to try and get a security patch. Unfortunately, a fake patch was deployed on the internet. Criminals knew that Java’s update 10 had major security flaws and that people would be seeking a patch. They used a social engineering tactic and released a bogus patch called “javaupdate11”. At its core, this was essentially a download that would install a backdoor onto a person’s computer.
Once the backdoor was installed onto their computer, it allowed criminals to install other malicious programs onto them. The most common programs found were key loggers, which are programs that save your login information with the hopes of gaining access to your finances.
This false update was found on corrupted websites. The best way to avoid these types of attacks is to only download software updates from trusted websites. Never go to third party websites to receive important software updates.
As it stands, Java’s future is uncertain. Java’s security leader, Milton Smith, at Oracle said that they intend to patch Java in order to increase its security. However, no specific changes have been announced. It’s hard to tell whether or not Oracle will be able to fix Java. In an interview with ComputerWorld the director of security and operations Andrew storms said that Oracle should just completely redesign Java.
Only time will tell if Oracle will be able to salvage Java. If you use applications that run Java, are you aware of the security risks involved?