Serious security flaw discovered affecting 1 billion computers
A serious security vulnerability related to the Java plugin for web browsers may affect more than 1 billion computers worldwide and could allow hackers to install malicious code on users' computers.
The information was announced yesterday by Adam Gowdiak, founder and CEO of Finnish security firm Security Explorations. Gowdiak said he had discovered a security vulnerability in Java software that allows hackers to install malicious code on the victim's system.
All Windows and Mac computers are at risk of being affected by this security flaw, especially if they have Java installed on their computers. In the case of Mac OS X users running Snow Leopard (10.6) or earlier, the possibility of being affected is even higher because Apple pre-installs Java on these operating systems.
All current versions of Java, including Java 5, 6 and 7, are affected by this vulnerability.
This is not the first time Gowdiak has discovered a security vulnerability in Java. Earlier this year, the security expert also found a series of security vulnerabilities in Java and immediately reported them to Oracle, the software company behind Java.
Not long after, hackers discovered one of the same unpatched bugs and exploited it in widespread attacks in August. Oracle did not issue an emergency patch for those Java bugs until August 30.
However, whereas the previous security hole affected only Java version 7, the new security hole just discovered by Gowdiak is more serious because it affects all versions of Java.
“This vulnerability has the potential to affect a large number of computers with Java installed,” Gowdiak said. “This vulnerability affects all versions, Java 5, 6, and 7. We even tested the latest Java 7 Update 10, released on September 20, but it also contains the same vulnerability.”
Based on Oracle's statistics on the number of users who have Java installed on their computers, Gowdiak estimates that there are 1 billion computers worldwide that contain this security hole and have not been patched.
However, Gowdiak also reassured the public by saying that, so far at least, no hackers have discovered and exploited this security hole.
“We have not seen any attacks based on this vulnerability,” Gowdiak said.
After Gowdiak reported the new security vulnerability, Oracle confirmed the bug and said it would release a patch in the next version. However, Oracle is not expected to release the next version of Java until October 16.
Asked why he made this information public instead of waiting for a Java patch to be released, given that hackers could use the information to work out what the security hole is and exploit it, Gowdiak said:
“There are still three weeks before Oracle releases a patch for Java, so I wanted to give an early warning to everyone globally to take appropriate precautions.”
In addition, publicizing the information widely and having it reported by the media is a way to force Oracle to release its patch more quickly.
To protect themselves, Gowdiak and other security experts advise users to disable plugins on all web browsers, including Firefox, Internet Explorer, Chrome, Safari and Opera, and wait until Oracle releases its latest patch.
(According to Dan Tri)- VT