- dotTech - http://dottech.org -

Oracles releases patch to fix Java exploits, update to Java 7u7 or Java 6u35 to stay safe

Posted By Ashraf On August 30, 2012 @ 9:07 PM In Windows | 13 Comments


Oracle [2] has released an update to Java 7 for Windows, Mac OS X, and Linux that patches security vulnerabilities. Oracle says the Java 7u7 (v1.7.0_07) update fixes security issues related to CVE-2012-4681 plus two other vulnerabilities.

Update: Looks like this “fix” isn’t a very good fix at all — a new vulnerability has been found [3].

According to the security bulletin Oracle released, this patch addresses the following:

These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user’s system.

Now, after reading the above, you must be thinking if this update patches the recently reported Java 7 bug [4]. Seeing as Oracle’s security bulletin claims this update fixes a CVE-2012-4681 exploit and other vulnerabilities that relate to infections via the web browser, and Oracle gives credit to Adam Gowdiak of Security Explorations for the vulnerability alert, my educated guess is yes the Java 7u7 update does patch it. It took them four months [5] but they finally got it done. However, regardless of what exactly is fixed it is always a good idea to keep your Java [6] up-to-date because, as you can tell, there are many security vulnerabilities that you don’t want hanging around.

For those of you who prefer to stick to Java 6, Oracle also released a security update to Java 6 bringing the latest version of Java 6 to Java 6u35 (or Java v1.6.0_35).

Both Java 7u7 and Java 6u35 can be installed via Java’s built-in automatic updater or you can manually grab them from Oracle’s website — check out the link below.

Java download page [7]

[Thanks Grantwhy [8]!]

Article printed from dotTech: http://dottech.org

URL to article: http://dottech.org/77950/oracles-releases-patch-to-fix-java-exploits-update-to-java-7u7-or-java-6u35-to-stay-safe/

URLs in this post:

[1] Image: http://dottech.org/wp-content/uploads/2012/08/java_logo.jpg

[2] Oracle: http://dottech.org/tag/oracle

[3] new vulnerability has been found: http://dottech.org/windows/78077/new-vulnerability-is-found-in-latest-java-7u7-your-computer-can-be-remotely-hijacked-again/

[4] recently reported Java 7 bug: http://dottech.org/windows/77807/new-java-7-exploit-allows-hackers-to-install-malware-on-windows-mac-os-x-and-linux-only-fix-currently-is-to-disable-java/

[5] took them four months: http://dottech.org/tech-news/77910/oracle-knew-about-critical-java-vulnerabilities-four-months-prior-to-attack-says-security-firm/

[6] Java: http://dottech.org/tag/java

[7] Java download page: http://www.oracle.com/technetwork/java/javase/downloads/index.html

[8] Grantwhy: http://dottech.org/windows/77807/new-java-7-exploit-allows-hackers-to-install-malware-on-windows-mac-os-x-and-linux-only-fix-currently-is-to-disable-java/comment-page-1/#comment-675092

© 2008-2012 dotTech.org | All content is the property of its rightful owner.