Oracles releases Java patch to fix latest McRat exploit, update right now to stay safe

2013-03-06_004522

Last week two separate instances of Java zero-day vulnerabilities were reported. One, reported by Security Explorations, was not (is not) being exploited in-the-wild as far as anyone knows. The second one, however, was (is) being exploited in-the-wild to infect users with McRat trojan. Oracle has now issued an update to Java plugging the security hole exploited by that second exploit.

According to Oracle’s security bulletin, this patch addresses security issue CVE-2013-1493 — which is the previously mentioned exploit that is installing McRat on infected computers — and is applicable to Java 7 Update 15 and earlier, Java 6 Update 41 and earlier, and Java 5 Update 40 and earlier. Basically if you are running any version of Java except the latest one, you should update now to stay safe. The latest versions at the time of this writing are Java 7 Update 17 and Java 6 Update 43.

This update is Windows specific but I believe an update has also been released for Mac OS X and Linux, so if you run those operating systems be sure to check.

You can use Java’s built-in automatic updater to update or you can manually update from the link below. Be aware that Java comes bunlded with a lot of crapware, so don’t accidentally install the junk.

Java homepage

[via Oracle]

Related Posts

  • DoktorThomas

    For how many hours will this version be “safe”?

  • Steve

    Without Java you cannot create a usable MHTML file in Firefox. It looks like it was created, but it won’t open.

  • Mr.Dave

    Way too little, way too late. And they want to trick us into installing even more things we don’t want? What a sweet gesture.

    Sorry Oracle, I’m not installing the patch because I no longer have Java on my PC!

  • A&L

    Haven’t had it enabled in a long time and it hasn’t made any difference in my computer usage
    cyberfox 18
    win 7 64 bit

  • Ashraf

    [@Steve] #fail

    [@PixelWizard] Yeah, I noticed that but I have yet to receive any notifications from it.

    [@greg] Is it ever?

  • greg

    So is Java “safe” to use now?

  • PixelWizard

    Just reporting: the newest version (8) of Avast antivirus – even the free edition – includes a new module called Software Updater. It detects some of the more popular/vulnerable programs (e.g., Java and Flash) that are already on your computer and notifies you when an update of one or more is advised. It offers an easy access button to that program’s update. Great feature! It nagged me yesterday about this Java 7 Update 17, and one click of the button did the job.

  • Steve

    Tried twice to install. Both times received message that a Java .dll file was corrupt.