Java is, in one way or another, essential to practically everybody using a computer. You may not know it, but the chances are your PC or Mac has a Java-reliant app installed, and according to a researcher renowned for finding holes in Java, every current version of Java is vulnerable to a newly discovered exploit.
It's not quite "panic stations" just yet, but security researcher Adam Gowdiak has a solid track record in the Java exploit department, and Oracle's own statistics suggest as many as a billion computers could be exposed, which would make this one of the largest potential exposures to affect computers worldwide.
The vulnerability can reportedly be used to install malware on a user's computer, and Gowdiak has sent proof-of-concept code to Oracle for analysis. Although Gowdiak has helped see off many Java exploits in the past, Oracle's history in this field is a little more chequered, so the security world is naturally a tad uncertain at this point in time.
Gowdiak reported many bugs to Oracle earlier this year and, having done all he could, expected the issues to be fixed. However, unbeknown to either Gowdiak or Oracle, one of those vulnerabilities was independently discovered and used in attacks against users last month.
All eyes are currently on Oracle, and with the "billion" figure already out in the wild, it cannot now be retracted, so there is no margin for error this time around. Oracle hurriedly pushed out an emergency Java update on August 30th, and although the attacks mounted before that update were fairly widespread, they would be a drop in the ocean compared with what could follow if this latest exploit isn't patched.
Because Java runs on every major platform, this flaw affects OS X and Windows users alike, and while the Mac was once seen as a safe haven from the web's nastier corners, last year's Flashback outbreak, which itself spread through a Java flaw, taught us, and Apple, that complacency has no place when it comes to security.
We'll be keeping an eye out for the patch from Oracle, and here's hoping the remedy arrives sooner rather than later, before anybody finds their computer riddled with malware. In the meantime, disabling the Java plugin in your browser closes off the most common route for this kind of drive-by attack.