A new version of Java has a huge vulnerability that, if exploited, can hand over control of your computer to remote hackers. The hack can happen if you go onto a malicious website, where after the hack will execute the arbitrary code.
The process of going onto the website happens and then the hackers can remotely add parts into Java, giving them almost full access to all your computer. This is one of the biggest hiccups Oracle has ever had with Java.
There are still a few people that don’t support anything that uses Java, simply because of the vulnerabilities in the code. We suspect that with this new bug many will move away from Java completely, and many more will remove this version.
US-CERT, AlienVaultLabs and BitDefender have all raised awareness to this problem and said that Java 7 update 10 is where the real problem lies.
“The default security level for Java applets and web start applications has been increased from ‘medium’ to ‘high,” Oracle said in an advisory today. “This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the ‘high’ setting the user is always warned before any unsigned application is run to prevent silent exploitation.”
This isn’t all Oracle will be doing, they are working on fixing the bug in due time and hopefully getting the situation back to normal. Apple has already issued the proper antidote to their computers by stopping Java 7 update 10 from running.
While this is just a hiccup, it is yet another mistake that could cost Oracle a lot of users. With Java already being questioned, some other company could come in with a more secure service.