Oracle has had a busy 2013 so far as it has scrambled to fix dangerous zero-day exploits found in its Java browser plugin. The company will have no rest, however, as security researchers have found more exploits.
Security research firm Security Explorations reported that two new zero-day exploits hit Java on February 25. Since then, the company has provided a number of updates on the progress it has made with Oracle to patch these security holes:
The issues referenced above – 54 and 55 – can apparently be combined to “gain a complete Java security bypass in the environment of Java SE 7 (Update 15).” Issue 54 is being labeled by Oracle as a non-issue, but issue 55 has been picked up for further investigation.
This latest discovery only further stains Java’s reputation as it has not only been exploited twice in the past two months, but said exploits led to major firms like Apple and Facebook being hacked. Granted, Oracle can’t predict every new exploit that comes its way, but you would think it would be more thorough before releasing updates.
So, what can you do to prevent any Java-based attacks? It’s rather simple really – just disable Java. Firefox automatically disables it for you, and it’s easy enough to disable on other browsers as well. [h/t: ZDNet]