| Home : March 05 2013 Computer News : Oracle releases emergency fix for Java zero-day exploit |
|
Oracle releases emergency fix for Java zero-day exploit |
March 05, 2013
Oracle released emergency patches for Java on Monday to address two critical vulnerabilities, one of which is actively being exploited by hackers in targeted attacks.
The vulnerabilities, identified as CVE-2013-1493 and CVE-2013-0809, are located in the 2D component of Java and received the highest possible impact score from Oracle.
“These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password,” the company said in a security alert. “For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user’s system.”
The newly released updates bump Java to versions 7 Update 17 (7u17) and 6 Update 43 (6u43), skipping over 7u16 and 6u42 for reasons that weren’t immediately clear.To read this article in full or to leave a comment, please click here
Link: http://www.pcworld.com/article/2030056/oracle-releases-emergency-fix-for-java-zeroday-exploit.html
|
|
|
|
|
