Skip to main content
  1. Home
  2. Computing
  3. News

Oracle releases security patch to fix Java vulnerabilities

Anna Washenko
By
Image used with permission by copyright holder

Java made headlines last week when researchers identified a security flaw in the software that allowed hackers to remotely execute malicious code in the wild. On Sunday, Oracle announced on its software security blog that it released a new security alert to repair two problems in the application. Security Alert CVE-2013-0422, which can be downloaded here, will prevent against two vulnerabilities that were remotely executable. The company’s post confirmed that the flaws were only present in Java 7 versions and did not impact Java on servers, Java desktop applications, or embedded Java.

The other change in this latest patch is that Java’s security settings will now be set to “high” by default. The more restricted setting means that a computer owner needs to directly authorize the execution of any unsigned or self-signed applets. That means a user will be notified if a malicious site attempts to run an applet and can shut down the execution before it attacks the machine. The Java Control Panel, released in update 10 of the latest Java version, can also let users turn the software on and off from their browsers.

Recommended Videos

While the patch download will secure your computer against this new attack threat, the discovery of last week’s zero-day vulnerability has led some tech experts to renew their calls to abandon Java entirely. The zero-day vulnerability is just the latest security flaw of that type to appear in the software, which is a common part of both work and home computing for many people. Users were encouraged to disable the app until the patch appeared from Oracle, but it seems unlikely that even this new security weakness will lead to a serious drop in the program’s pervasiveness.

Related

According to InformationWeek, Oracle is slated to release another patch on Tuesday. Be prepared for lots of upkeep this week if you are a regular Java user.

Image via Roger Price

Editors' Recommendations

Anna Washenko
Anna Washenko
Former Digital Trends Contributor
Anna is a professional writer living in Chicago. She covers everything from social media to digital entertainment, from tech…
Uh-oh! There’s an unfixable security vulnerability in Intel processors
Stock photo of Intel 9th gen core processor.

A security issue that could affect almost all Intel processors released in the last five years has been discovered. Researchers at the security firm Positive Technologies found an error in a system called the Intel Converged Security and Management Engine (CSME), as well as in the hardware of the chips themselves.

The CSME system is used in a large number of processes on the chips, including initial authentication, and is the basis for various hardware security technologies used on Intel chipsets. It may be impossible to fully secure against this vulnerability.

Read more
An Nvidia vulnerability has been found. It’s time to update your drivers
nvidia rtx 2080 super review mem4

Just this month, Nvidia posted a security bulletin on its site alerting consumers that GPUs in its GeForce, Quadro, and Tesla product lines were all affected by serious vulnerabilities. The vulnerabilities range in severity, but get as dangerous as local code execution and privilege escalation, and can be found in all versions of numerous driver tracks that the company provides for its hardware.

Notably, this includes the R430 line that powers the GeForce GPUs. While Nvidia has since issued new patched versions of all of its GeForce and many of its Quadro drivers, patches for some of its Quadro and Tesla drivers have not been released, and in some cases won't be ready for two weeks.

Read more
LG just knocked $300 off this 16-inch lightweight laptop
lg ultrapc 17 review front angled

For those people who are constantly on the go, grabbing a thin and light laptop makes life a lot easier, especially since they tend to weigh a lot less while also having very capable performance. Unfortunately, that does come at a bit of an extra cost, so we're happy to see this deal from LG on the UltraPC laptop that knocks it down to just $700 from its usual price of $1,000. That's an excellent price for a laptop that can outperform competitors at the same price range, even with the discounted price.

Why you should buy the LG UltraPC laptop
This new version of the Ultra PC is a big upgrade on the previous LG UltraPC laptop and follows the same lineup of LG's very thin laptops like the LG Gram 17, so LG has quite a lot of experience in this market. That's pretty obvious by the fact that the UltraPC has a tiny 0.64-inch thickness, making it thinner than many books. It doesn't lose out on other features, though, and it still comes with a pretty substantial 16-inch screen that runs a modified FHD resolution of 1920 x 1200, which may be a bit low for such a nice laptop, but it's not a dealbreaker if it helps keep the price down. The keyboard is also great to use, and while the previous version of the UltraPC had a comically small touchpad, this new one is a lot more substantial and useful.

Read more