The Internet is still buzzing (like this: http://www.facebook.com/photo.php?fbid=10151133269844183&set=p.10151133269844183&type=1&relevant_count=1) with the echoes of Oracle's recent streak of failures. If you have no idea what has happened recently, you can check some details here: https://www.computerworld.com/s/article/9230812/Researchers_find_critical_vulnerability_in_Java_7_patch_hours_after_release

Short version for the lazy:
  1. In April 2012, a severe vulnerability was detected in Java 7 and reported to Oracle.
  2. It took Oracle a few months to release the fix; they did so just a few days ago, when they realized that exploits were already gaining worldwide "popularity" on the Internet (released somewhere in China).
  3. Unfortunately, it appears that even though the fix truly solved the original issue, it opened another severe vulnerability, which was detected on the very same day the patch was released!
  4. How can my computer get infected? A few conditions have to be met:
    1. A faulty version of the JVM is installed
    2. The Java plug-in is enabled in the browser
    3. A malicious page is opened in the browser (each day there are more and more of them)
You can check whether your computer is vulnerable to those exploits by trying the following website: http://www.isjavaexploitable.com/. According to an unofficial calculation based on some unconfirmed Oracle data, as many as 1 billion (YES, 1,000,000,000!) computers may be vulnerable.

Obviously such situations happen and will happen in the future as well. There is no perfectly safe solution and no bug-free software, so this happens to all vendors, but the carelessness Oracle showed during all those months is very disturbing.