Oracle’s Java update to fix security exploits released, but proceed with caution

Oracle just issued an update to fix the security exploits in Java that could allow malicious websites to install a piece of software without the user’s consent. The security hole was being actively exploited that even forced the Computer Emergency Readiness Team (US-CERT) to advice users to disable Java altogether.

Today, the company released an emergency patch which they assure mitigates the vulnerabilities with security alert CVE-2013-0422 and CVE-2012-3174. The update also changes the default security setting for Java to “High”, which means that from now on, users will need to acknowledge any Java applets before they can run in the computer. Oracle also recommends to apply the update as soon as possible, since it does not take a lot skills for someone to create something that could put your system at risk.

Following The Verge report, Adam Godwiak, responsible for finding the vulnerability, told Reuters that the patch released isn’t enough for users to be one-hundred percent safe, “We don’t dare to tell users that it’s safe to enable Java again.” Which simply means that until there is no doubt the situation is clearly fixed, the best solution is just to have Java disabled

Download the path here and get more details about the vulnerability here.

Source Oracle via The Verge

About the author

Mauro Huculak is a Windows expert and the Editor-in-Chief who started Pureinfotech in 2010 as an independent online publication. He is also been a Windows Central contributor for nearly a decade. Mauro has over 12 years of experience writing comprehensive guides and creating professional videos about Windows, software, and related technologies, including Android and Linux. Before becoming a technology writer, he was an IT administrator for seven years. In total, Mauro has over 20 years of combined experience in technology. Throughout his career, he achieved different professional certifications from Microsoft (MSCA), Cisco (CCNP), VMware (VCP), and CompTIA (A+ and Network+), and he has been recognized as a Microsoft MVP for many years. You can follow him on X (Twitter), YouTube, LinkedIn and