New Java Threat Detected; No Updates From Oracle Yet

A new exploit targeting Java users has been discovered by security experts. The zero-day exploit has reportedly been used to spread malware and gain access to computer systems.

Oracle’s Java software embedded in web browsers provides the hole that attackers use to carry out the attack, according to FireEye. The web security company announced on 26 August that it detected the attacks already being used by hackers on the web, rather than being circulated first for discussion. It noted that until Oracle provides an update, this vulnerability will persist in its current state on millions of devices around the world.

Java, according to Oracle, is running on about 3 billion devices throughout the world, including smartphones, tablets, and computers. Another security company, Rapid7, also said that only about 35 percent of Java users get the right updates when security holes like this one are detected.

The new vulnerability affects Java version 7 but not the older versions.

FireEye discovered the flaw after it noticed that several victim websites were installing malware on computers running Windows. The report said Macs can be targeted as well, although they are somewhat more secure because these machines do not install Java by default, and most of them are still running the older version 6.

Java provides a useful function to web browsers since it eliminates the need to write specific code for Mac OS X or Windows operating systems. However, it also makes machines running it vulnerable, as it can give hackers an easy way to bypass some computer and browser security settings. The same is true for smartphones, as Java is commonly used to run games.

Oracle has not yet said officially when it will fix the issue. Experts think that the company is probably sticking to its preplanned quarterly update, which will not happen until October.

That the billion-dollar company has not come forward and offered an emergency update has baffled many experts.

For users wanting to check if their machines are vulnerable to this new threat, Rapid7 has offered a free service here.

source: guardian