Another Java Vulnerability: Old School Attack Undoing Malware Protection Protocols
It seems there is no end to the security vulnerabilities that keep cropping up in Java. Just a few weeks ago, on March 5, 2013, Java released a couple more emergency updates that patched two vital flaws in Java. Now a problem at the browser level has been unearthed. The browser plug-in provided for the Oracle Java software framework has a flaw that allows cybercriminals to gain access to victims' computers. With this access, they can plant malware or other malicious software on end users' computers.
No Digital Certificate Verification
According to the researchers who unearthed the issue, the browser plug-in does not, by default, verify the digital certificates of Java apps that websites host. This is a serious flaw at the most basic level, and is not expected from a tech giant like Oracle. As a consequence, even when Java apps with no certificates or with reportedly stolen certificates are hosted on websites, the plug-in reports them as trustworthy and allows them to execute. This lets cybercriminals use Java apps as carriers for malicious software into victims' computers.
Oracle Chooses to Remain Mum on the Issue
People have been keeping a keen eye on the official blog of Oracle and other channels that the company constantly uses to update the general population. Sadly, there has not been any news from Oracle, either acknowledging the issue or announcing a fix for it. Even emails sent to more than 10 PR representatives failed to evoke a response from Oracle’s side.
However, Java remains one of the most popular and widely used programming languages in the world. If you are taking Java training courses, learn ways to develop software and apps while steering clear of these security vulnerabilities.