Oracle patches Java vulnerability

Stefan Mileschin · 3rd September 2012, 07:41

Oracle has released a new patch which kills off a vulnerability in Java 7 that was being exploited by malware developers.

The flaw was announced last week after it was used by hackers in targeted attacks on Windows.

The flaw was similar to the recent Flashback malware in OS X, and allowed hackers to create a drive-by hack where the only action needed to compromise a system is to visit a rogue Web page that hosts a malicious Java applet.

Proof of concept attacks using this vulnerability have been found to run on all platforms supported by Java 7, including OS X systems where the exploit was successfully run in the latest Safari and Firefox browsers in Mountain Lion.

What was a little worrying, is that Oracle only releases Java updates every quarter so that means that it could do a lot of damage before the company pulled its finger out.

This forced some companies to issue their own private patches to this vulnerability just in case it took forever for Oracle to realise it was screwing up the internet.

Now it seems that Oracle has stepped up to the mark and broken its regular release schedule to offer a patched version of the Java 7 runtime.

The Java 7 Update 7 patch can be downloaded from the Java SE Downloads Web page and Oracle recommends that all users of Java 7 apply the update.

http://news.techeye.net/security/ora...-vulnerability

3rd September 2012, 07:41	#1
Stefan Mileschin [M] Reviewer Join Date: May 2010 Location: Romania Posts: 148,553	Oracle patches Java vulnerability Oracle has released a new patch which kills off a vulnerability in Java 7 that was being exploited by malware developers. The flaw was announced last week after it was used by hackers in targeted attacks on Windows. The flaw was similar to the recent Flashback malware in OS X, and allowed hackers to create a drive-by hack where the only action needed to compromise a system is to visit a rogue Web page that hosts a malicious Java applet. Proof of concept attacks using this vulnerability have been found to run on all platforms supported by Java 7, including OS X systems where the exploit was successfully run in the latest Safari and Firefox browsers in Mountain Lion. What was a little worrying, is that Oracle only releases Java updates every quarter so that means that it could do a lot of damage before the company pulled its finger out. This forced some companies to issue their own private patches to this vulnerability just in case it took forever for Oracle to realise it was screwing up the internet. Now it seems that Oracle has stepped up to the mark and broken its regular release schedule to offer a patched version of the Java 7 runtime. The Java 7 Update 7 patch can be downloaded from the Java SE Downloads Web page and Oracle recommends that all users of Java 7 apply the update. http://news.techeye.net/security/ora...-vulnerability

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Google to pay Oracle $0	Stefan Mileschin	WebNews	0	22nd June 2012 07:24
Oracle to Issue 14 Patches for Java SE	Stefan Mileschin	WebNews	0	11th June 2012 07:47
Oracle Could End Up With Nothing In Suit Against Google	Stefan Mileschin	WebNews	0	17th May 2012 06:52
Oracle to kick off at Google in Java spat on Monday	Stefan Mileschin	WebNews	0	16th April 2012 06:51
Mozilla Firefox 3.0 Vulnerability	jmke	WebNews	0	19th June 2008 08:51
New Zero-Day Vulnerability In Windows	jmke	WebNews	0	6th November 2006 11:39
IE7 vulnerability discovered already	jmke	WebNews	1	20th October 2006 14:14
Symantec Posts Fix To Vulnerability	jmke	WebNews	0	29th May 2006 09:42
AMD Announces IBM and Oracle Support	Sidney	WebNews	0	25th May 2004 06:24