Monday, 14 January 2013
Oracle Corp. said it is preparing an update to address a flaw in its widely used Java software after the US Department of Homeland Security urged computer users to disable the program in Web browsers because criminal hackers are exploiting a security bug to attack PCs.
“A fix will be available shortly,” the company said in a statement released late on Friday.
Company officials could not be reached on Saturday to say
how quickly the update would be available for the hundreds of millions
of PCs that have Java installed.
The Department of Homeland Security and computer security
experts said on Thursday that hackers figured out how to exploit the
bug in a version of Java used with Internet browsers to install
malicious software on PCs. That has enabled them to commit crimes from
identity theft to making an infected computer part of an ad-hoc computer
network that can be used to attack websites.
The Department of Homeland Security said attackers could
trick targets into visiting malicious websites that would infect their
PCs with software capable of exploiting the bug in Java. It said an attacker could also infect a legitimate
website by uploading malicious software that would infect machines of
computer users who trust that site because they have previously visited
it without experiencing any problems.
They said developers of several popular tools, known as
exploit kits, used by criminal hackers to attack PCs, have added
software that allows hackers to exploit the newly discovered bug in
Java.
Security experts have been scrutinizing the safety of
Java since a similar security scare in August, which prompted some of
them to advise using the software only on an as-needed basis. At the time, they advised businesses to allow their
workers to use Java browser plug-ins only when prompted for permission
by trusted programs such as GoToMeeting, a Web-based collaboration tool
from Citrix Systems Inc.
