A zero-day flaw published on the Internet by a Google researcher has begun to be exploited. The researcher decided to publish the flaw after Sun (a company owned by Oracle and responsible for Java) said it did not consider the problem serious enough to break the three-month update cycle that the firm follows.
The specialist who discovered the problem, Tavis Ormandy, disagreed. He decided to put the information on the web, because, he said, “that would be of interest to all but the developer.” The flaw, which is easy to exploit, soon began to appear on malicious websites. A popular lyrics site, songlyrics.com, was hacked to send users to malicious code, according to the British security site The H.
Once the vulnerability began to be exploited, a Java update (Update 20) was released to fix the problem. The release notes do not say that anything was fixed, but, again according to The H, it is not possible to exploit the flaw in this new version.
Oracle had already begun distributing another update, Update 19, at the end of last month to fix 27 security holes.
The update is highly recommended. Java has an automatic update feature, which will inform you that an update is available. Accept it and proceed with the installation.
Via: The H.