It was about a week following the attacks made to Java by hackers, and Oracle needed a quick fix to address the bug issues. Hackers have undoubtedly discovered the most vulnerable point in Java and then started attacking the programming language by installing soft-wares of malevolent nature into a particular computer.
This heinous exploit was resolved and fixed when Oracle performed some patches to the virtual Java Machine.
That sounded like a relief as it was announced by AVG earlier in the week that the same bug is utilized in other cyber-attacks. AVG Technologies said that one web site with song lyrics contents has been attacked with the similar hacking method. When the web site’s visitor clicked on an application link, the page is then directed to a Russian server which launched the attack. On a Thursday morning, Oracle has made available to the public its SE6, version 20 update of Java, this version update mainly addresses three bugs present in the programming language. Most importantly, the SE 6 also accounts for the AVG’s attack on Java susceptibility which was announced last week by one of Google’s researcher, Tavis Ormandy.
Tavis Ormandy had stated and explained on Twitter exactly how hackers and attackers could operate an illegal Java program.
Attackers could conveniently manipulate the Java program straight from a person’s computer by utilizing special designed software that helps IT program developers in their own software distribution. However, Ormandy said that systems operating on Windows are those at higher risk. Hackers could eliminate the susceptible part then replace it with ‘return 0’.
Incidentally, Ormandy has been told by the Java team of Oracle that this weakness is not that serious an issue that a patch would be necessary. Apparently, Java would be updated for security on a scheduled date on the month of July. But since the flaw had noticeably been exploited to an alarming level, Oracle had decided to alter the schedule and patch an update on an earlier date.
Oracle spokesperson was not able to comment to the post right away. The exploit and attack takes effect when a user launches an application from a particular web start element from Java. From there, the hacker commands the virtual machine to begin installation of a malicious code in the Java library. This code is reported to be able to start a malevolent program too.