Oracle’s Java patch reveals new security hole

Posted by David Bernstein

Last week there was a security hole discovered in the latest Java update 1.7 that installed the Poison Ivy Remote Access Trojan on various computer systems. Many people were worried that Java wasn’t going to put out a fix any time soon and that the infection would begin to spread.

But now that Java finally came out with a patch for their previous update it seems as though the patch has revealed a new security hole that was not known about until now. Oracle was urging users to apply the update but a security expert from Security Explorations in Poland claims that all the issues were not fixed and that there are some new flaws that can be exploited thanks to this latest update.

Even though the patch offers many fixes that are necessary to make Java secure, it still needs more work. Hackers were able to use Java to send phishing emails to Amazon and Microsoft users. The emails looked legitimate but contained a hyperlink with a virus. Oracle has been alerted to this new issue and now we will have to wait again for the next patch and hope this time is complete.