Java installation flaw leads to security alert

Last week, Oracle announced that it would be phasing out Java plugin support based on current browser vendor trends. Even with that news, Java continues to show security issues, as a post from the Oracle Software Security Assurance Blog highlighted. This post specifically pointed out an installation flaw that could "completely compromise" affected systems if the vulnerability is exploited.

"The exploit leaves users open to 'binary planting' tactics."

The company's Security Alert CVE-2016-0603 addresses the vulnerabilities that come with some versions of Java. Although the bulk of the message centers around Java 6, 7 and 8, older versions are at risk as well: the source states that users should "discard" any versions earlier than "6u113, 7u97 or 8u73."

Oracle has released a wealth of Java patches recently, sometimes all at once, and yet this particular threat is supposedly one that previously existed.

Writing for PC World, Lucian Constantin said that the exploit leaves users open to "binary planting" tactics that can be connected to other software installers. He also explained that the problem comes when hackers trick a user into accidentally running malicious code during installation.

"Some browsers are configured to automatically download files, even if they don't execute them," Constantin writes. "It's not hard to imagine a sort of carpet bombing attack where a malicious or infected website drops specifically named DLL files on users' computers on the chance that a small percentage of them will later be executed by vulnerable installers," he adds later.

To combat Java issues, organizations can choose a web based terminal emulator that helps them avoid the problems associated with difficult applets.