Oracle had only recently released Java 7 Update 11 to protect computers against malware and to stop the worst outcome that cyber criminals aspire to: bringing computerization back to block zero. It became a nightmare when Adam Gowdiak, founder of the Security Exploration of IDG Service, received an email about newly discovered technical details of security vulnerabilities in Java 7 Update 11 (JRE version 1.7.0_11-b21). Many subscribers were shaken by the news that their computers can still be exploited despite subscribing to Java. The vulnerability was said to allow a bypass of the Java security sandbox and the execution of arbitrary code. These findings were reported at once to Oracle, together with proof-of-concept code.
Investigators from the said Security Exploration Services concluded that the technique cybercriminals used to exploit Java was linked to the two Java vulnerabilities identified during a Java sandbox leak. Researchers later found it to be a different case, but the investigators warned users all the same. Users should never underestimate the ability and abusive intellect of the perpetrators. Once attackers see a good chance to attack Java applets, they will not think twice about doing harm, just when everyone is feeling secure with their security software.
Under Security Exploration’s policy, technical details are disclosed to the public only after the vendor has issued a patch. For security reasons, some security researchers and US-CERT advise looking for other, more dependable security applications. The Computer Emergency Readiness Team in the US is even campaigning for Java users to disable the Java browser plug-in installed on their computers. Likewise, the newly launched Java 7 Update 11 is no longer considered safe to use, because cyber criminals are clearly making it a major target that they could attack at any time.
As expressed by Adam Gowdiak, the reliability of Java SE 7 code is therefore now in question. This points to gaps in the coverage of Java’s Secure Development Lifecycle program or to other internal problems at Oracle. Gowdiak shares that the real purpose of Java 7 Update 11 is to protect users’ applications. So, from the point at which the user is asked to confirm that Java applets may run inside the browser, foreign malware should already be blocked. This makes a lot of sense, because that is the point at which harmful malware leads applets astray from the secure steps.
In response, Apple has already taken an exceptional step by applying the anti-malware tool in OS X. This will make the surviving installations of the Java 7 browser plug-in resistant to damaging malware. To thoroughly fix the vulnerability, the default security setting in Java 7 Update 11 must be changed by raising the security level from “medium” to “high”. This new setting will trigger the anti-malware software to issue warnings before the Java plug-in is activated, which will prevent silent attacks on your computer. This is certainly an added task: unlike before the incident, it is no longer enough simply to install Java applets and Web Start for safe operation.