Oracle released an emergency software update to fix its Java software from vulnerabilities days after security experts and the Department of Homeland Security recommended users disable the software due to hacking concerns. Some experts say, however, that the patch doesn’t fix the problem and that bugs remain.
The update, available on Oracle’s Web site, fixes two vulnerabilities in Oracle’s version of Java 7 for Web browsers that has enabled hackers to install malicious software on PCs. Oracle said in its security blog that in order for the holes to be exploited, an attacker needs to trick an unsuspecting user into browsing a malicious website, allowing the attacker to execute arbitrary code in the computer. Oracle also said that it switched Java’s security settings to “high” by default, making it more difficult for suspicious programs to run on a PC.
In a press release put out by Malwarebytes today, the company has announced its partnership with the non-profit organization StopBadware. With the new partnership, Malwarebytes is joining a number of other Internet and software companies, including Google, Mozilla, Paypal, and Facebook, all of which are looking to make the web a safer place.
The partnership will allow Malwarebytes to participate in StopBadware’s new data sharing initiative which seeks to build a thorough database of malware URLs which can be used to help the security community. Additionally, Malwarebytes will be taking part in StopBadware’s Partners Forum, where companies involved with StopBadware share threat intelligence and strategies to help fight malware. Aside from sharing intelligence and strategies, the Forum also works to figure out ways to better assist website owners whose websites have been compromised by malware, which is becoming a growing problem.