E-commerce Security: Recent Java Threat and Patch
According to Oracle, more than 850 million PCs and billions of devices around the world use Java, its ubiquitous programming language and computing platform. That is why the recent alert released by US-CERT regarding an e-commerce security bypass vulnerability in Java is particularly troubling.
According to US-CERT, a serious flaw “in the Java Security Manager” has been discovered which “allows a Java applet to grant itself permission to execute arbitrary code”. This flaw means a malicious user could embed foreign code into any system running Java version 7, leaving a massive number of devices open to attack. In fact, in a nearly unprecedented move, US-CERT has recommended that users disable Java until they are able to download the update released by Oracle.
This news has had such a major impact on users at all levels of computing that it has led some in the industry to call for a decreased reliance on Java. As Andy Greenberg wrote in his article on Forbes.com, “Java watchers in the security industry are recommending that users give up on the endless cycle of the program’s bugs and fixes and instead turn it off in their browsers for good.” Additionally, the security firm Kaspersky, in its third quarter analysis of security threats, reported that Java was compromised in fully 56% of all known attacks that took advantage of software vulnerabilities.
While it may prove too bothersome for some users to go on without Java, it seems there may be good reason to keep an ear to the ground regarding its seemingly rampant bugs. Regardless, it’s clear that in this day and age you can never be too careful.