A security hole has been discovered at the heart of a type of computer code which is used on more than a billion PCs and Macs worldwide. The critical hole, which has been called the ‘zero day’ vulnerability, affects all versions of Oracle’s flagship Java software and could potentially allow hackers to take control of a user’s system.
Java is an extremely common programming language which is used by many websites and pieces of desktop software and includes cross-browser integration with Safari, Internet Explorer, Chrome and Firefox. The implications of the security hole could be massive due to the wide-ranging use of Java on computers across the world.
The security hole was discovered by Adam Gowdiak, the CEO of Security Explorations, a Polish firm which seeks to discover and fix holes in popular pieces of software and programming languages. The news comes hot on the heels of another ‘zero day’ discovery in Java last month. The security holes are named ‘zero day’ because there is no known cure available, which is even more worrying news for Oracle and users of the Java platform.
It is thought that no hackers have access to the vulnerability yet, and the source code has been sent back to Oracle for analysis in the hope that a patch can be released in order to plug the security hole. Oracle are yet to make a statement on the matter, but it should be noted that they were quick to push out an emergency fix last time such a bug was discovered.
Oracle was founded in June 1977 in Santa Clara, California, with Oracle Version 1 being released the following year. Introducing SQL database systems in 1979 as well as a number of other groundbreaking technologies, Oracle has risen to become the industry leader in patent enterprise systems. In January 2010, Oracle acquired Sun Microsystems, becoming a manufacturer of both hardware and software. It was Sun Microsystems who originally developed the Java environment in 1990 as an alternative to the C++ and C programming languages. The bulk of the Java implementation was released under the GNU General Public License (GPL) in November 2006.
Java has come under fire a number of times in the industry due to its design choices and handling of certain aspects of software. Performance was a major factor in the early days of Java, but it is now considered one of the fastest language platforms available in recent benchmarking tests, often up to three times faster than C/C++. Security holes in Java began to be exploited in 2010 when the environment became a common target for computer hackers, targeting the Java virtual machine in particular. Oracle has encouraged its users to always update Java in order to ensure they are protected by the latest security fixes.
However, surveys have shown that many users are unaware of what Java is and many do not even know they have it installed, with the majority not knowing how to update it. As many corporate firms and businesses restrict software installation on their computers, updates are often slow to be deployed, which can affect security enormously in corporate environments. However, with Java being able to run on any system due to its cross-platform capabilities, it is widely used as a platform in more than a billion computers worldwide. The platform is even used in many types of mobile phones as well as routers and mainframes, requiring very few adjustments. Its far-reaching nature and worldwide appeal are what can often make it an appealing target for hackers. This is widely assumed to be a primary reason for it having been a target in recent months and years.
This latest security hole will not worry the majority of users, since it is believed that no hackers have actually managed to exploit the hole. With Oracle widely expected to release a security patch in due course, there should be no risk to users, but it is unlikely to inspire confidence in those who use the Java platform regularly, particularly after a number of security risks and threats in recent months and years.
By Chelsey Evans