Oracle issues patch for Java loopholes
- 31 August 2012
- From the section Technology
Oracle has issued a patch for loopholes in its Java program that was being actively abused by cyber-thieves.
The software giant took the unusual step of issuing the patch well before the usual date for security updates.
The patch closes loopholes that together left users of almost every operating system vulnerable to infection by viruses.
Tens of thousands of machines are believed to have been infected by viruses that exploit the bugs.
Oracle typically issues security patches for Java every quarter but it tore up the usual schedule because the bugs were being increasingly abused.
Security firms said code to exploit the loopholes had been recently added to the popular Blackhole crimeware kit. This software package is an all-in-one computer crime kit that makes it easy for those with little technical knowledge to become cyber-thieves.
Adding code to the kit would hugely boost the numbers of malicious hackers trying to compromise computers running Java.
Java is a widely-used programming language designed to let developers write programs once that can then be run, with minimal changes, on any computer. Oracle claims Java is used on more than one billion desktop computers.
Some sites use it to add extras to their webpages that can be used via a browser add-on or plug-in. Some games, including Runescape and Minecraft, are built around Java.
Security expert Brian Krebs said the safest way to avoid any trouble was to remove it from a computer system.
"If you don't need Java, uninstall it from your system," he wrote in a blogpost about the security updates.