Download the patch below:
The Java vulnerability question has arisen once again, this time with 250,000 compromised Twitter accounts. According to the Twitter blog some unusual access patterns were detected leading to a more detailed investigation.
“This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.”
The Twitter accounts affected by the issue have had their passwords reset, however this may be a good time for all Twitter users to consider changing them. Twitter also goes on to recommend that all users consider implementing strong passwords however in this case I don’t think it would have made a difference. This was a large scale security breach.
As a result of all the talk surrounding Java, Oracle decided to expedite the patch process and has released an emergency update. According to the Oracle Security sub-site the company recommends installing the patch as soon as possible due to the threat posed by a successful attack.
“The original Critical Patch Update for Java SE – February 2013 was scheduled to be released on February 19th, but Oracle decided to accelerate the release of this Critical Patch Update because active exploitation “in the wild” of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers, was addressed with this Critical Patch Update.”
If you can’t immediately install the Java update it’s recommended that you disable Java completely in your browser. Mac users would be advised to check their software updates for an update. In the meantime Apple has updated its anti-malware protection system by proactively disabling Java for users.
What steps have you taken to protect yourself against the Java threats?