There was a lot of interest and panic when security companies exposed the vulnerability in Java, which was exploited by hackers to gain unauthorized access to computers. If you are enrolled in Java training courses, your instructor will probably be conducting a session on how exactly this vulnerability was exploited. Most probably, he/she would be asking you to present a detailed paper on it as it is a very fascinating topic. But an astonishing fact has been revealed by a researcher to the media on the 30th of August and has created a lot of unrest among Java patrons who have gone as far as to question Oracle’s credibility.
Researcher at Polish Security Company Security Explorations Exposes This Fact
Adam Gowdiak exposed this fact through an email, reporting that his company had been alerting Oracle about the security flaws since the month of April. Gowdiak, the CEO and founder of Security Explorations, elaborated in the email that they had informed Oracle about 19 security vulnerabilities on the 2nd of April. He said that out of the 19 issues, a couple were zero-day issues that hackers were exploiting to gain access to the computers of unsuspecting users.
Steady Reports of Flaws Ignored By Oracle
We are not exactly sure whether Oracle ignored the warnings from Security Explorations or was working on a patch in the interim. But Gowdiak's email also reveals that his company continued to feed Oracle data about the vulnerabilities in Java 7 in the months after April, and by the time of the email a total of 29 flaws had been exposed. He also highlights that representatives from Security Explorations gave Oracle a live demonstration of 16 of the full Java 7 vulnerabilities. This was done using some of the bugs that the security company had developed by itself.
Surprising to See Lack of Action On the Part of Oracle
The most surprising part of this exposure is the lack of action from a company like Oracle. It has established a reputation for being the best in the business, and such a lapse in security was previously unheard of. Although this issue might raise some eyebrows, the fact of the matter is that Oracle released the latest security patches, which fixed all these flaws. So the damage was limited, but the extent of the damage is yet to be determined. Judging by current trends, we may see a few more updates from Oracle to polish up the patching job and ensure that security is flawless.