Things are getting worse for Oracle.
A day after the company released an emergency patch to fix a security hole recently discovered in its Java software, researchers at the Poland-based security firm Security Explorations are already claiming that they have found a security flaw in the fix, reports IDG News Service.
The Java security saga started on Sunday, when security researchers at FireEye uncovered a security flaw in Java that exposes all devices running version 7 of the software to attacks. Cult of Mac explains that attacks using the bug trick users into visiting an infected website, which then downloads a malicious applet onto their computers.
Since the discovery, many security experts have urged users to disable Java on their web browsers. Mozilla, maker of Firefox, also joined the call.
On Tuesday, researchers at the security firm Immunity said that a second bug has been identified in the attack.
Security firm Websense told Computerworld in an interview two days ago that the bugs had already hit over 100 websites, an indication that the outbreak has gone mainstream.
Computer security firm Symantec has identified a group of Asian hackers known as “Nitro” as the culprit behind the attack. The group first emerged on the hacking scene in October 2011, when they stole data from 29 US, UK and Bangladesh-based chemical companies. The nom de plume “Nitro” was apparently coined because of this maiden hack, which took aim at the chemical industry.
Security Explorations, reports IDG News Service, claimed that they alerted Oracle to Java 7’s security vulnerability four months before FireEye’s announcement last week.