Oracle patches Java vulnerability
 

Oracle has released a new patch which kills off a vulnerability in Java 7 that was being exploited by malware developers.

The flaw was announced last week after it was used by hackers in targeted attacks on Windows.

The flaw was similar to the recent Flashback malware in OS X, and allowed hackers to create a drive-by hack where the only action needed to compromise a system is to visit a rogue Web page that hosts a malicious Java applet.

Proof of concept attacks using this vulnerability have been found to run on all platforms supported by Java 7, including OS X systems where the exploit was successfully run in the latest Safari and Firefox browsers in Mountain Lion.

What was a little worrying, is that Oracle only releases Java updates every quarter so that means that it could do a lot of damage before the company pulled its finger out.

This forced some companies to issue their own private patches to this vulnerability just in case it took forever for Oracle to realise it was screwing up the internet.

Now it seems that Oracle has stepped up to the mark and broken its regular release schedule to offer a patched version of the Java 7 runtime.

The Java 7 Update 7 patch can be downloaded from the Java SE Downloads Web page and Oracle recommends that all users of Java 7 apply the update.

http://news.techeye.net/security/ora...-vulnerability