Oracle responds with emergency update to Java vulnerability


Oracle has just published Java version 7 Update 7 without comment; it apparently fixes a highly critical vulnerability that is already being actively exploited in attacks. The corresponding security alert on the vendor's site was still empty on Thursday evening; a first test by heise Security, however, showed that the exploit in its known form is indeed blocked after the update. A modified version of our exploit was also stopped in time.

Those who have Java installed on their system should install the new version immediately. The security issue exists in Java 6 Update 7 through in conjunction with all supported operating systems and browsers. Through the vulnerability, an attacker can take control of the computer and install malicious code when the user visits a malicious web site.


Oracle has now filled the above-mentioned security alert with content. It confirms our observation that the security issue described above has been resolved. Overall, the company has listed four vulnerabilities in this context. Three of them have the highest severity of 10.0.

Oracle thanks, among others, the security expert Adam Gowdiak for discovering the vulnerabilities, and thus indirectly confirms his statement that the company has been informed about the vulnerability since April. The fourth vulnerability also affects Java 6, but has a severity of only 0.0 because it is not exploitable by itself. It will be closed in the version 6 branch with Update 35.

IcedTea, the Java runtime environment based on OpenJDK, has also received an update because of the vulnerability. The fixed version is 2.3.1.
