Oracle releases Java patch to fix latest McRat exploit, update right now to stay safe

Last week, two separate Java zero-day vulnerabilities were reported. One, reported by Security Explorations, was not (is not) being exploited in the wild as far as anyone knows. The second one, however, was (is) being exploited in the wild to infect users with the McRat trojan. Oracle has now issued an update to Java plugging the security hole used by that second exploit.

According to Oracle’s security bulletin, this patch addresses CVE-2013-1493, the vulnerability the previously mentioned exploit uses to install McRat on infected computers, and is applicable to Java 7 Update 15 and earlier, Java 6 Update 41 and earlier, and Java 5 Update 40 and earlier. Basically, if you are running any version of Java except the latest one, you should update now to stay safe. The latest versions at the time of this writing are Java 7 Update 17 and Java 6 Update 43.
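To check a machine against the version ranges listed above, the following added example (not from Oracle or the original article) parses the legacy `1.x.0_NN` version string that `java -version` prints and compares the update number with the last affected update for each family. The sample strings are constructed, and the function names and status labels are this example's own.

```python
import re

# Last affected update per Java family, as listed in the article for CVE-2013-1493.
LAST_AFFECTED_UPDATE = {7: 15, 6: 41, 5: 40}

# Legacy version strings: 1.7.0_15, 1.6.0_41-b02, or 1.7.0 (no update suffix).
VERSION_RE = re.compile(r"\b1\.(\d+)\.0(?:_(\d+))?")


def parse_java_version(text):
    """Return (family, update) from `java -version` output, or None if not recognised."""
    match = VERSION_RE.search(text)
    if match is None:
        return None
    family = int(match.group(1))
    # A missing "_NN" suffix means the initial release, treated here as update 0.
    update = int(match.group(2)) if match.group(2) else 0
    return family, update


def classify(text):
    """Map version output to a status label (labels are this example's own)."""
    parsed = parse_java_version(text)
    if parsed is None:
        return "unrecognised"
    family, update = parsed
    last_affected = LAST_AFFECTED_UPDATE.get(family)
    if last_affected is None:
        return "family not covered by the article"
    return "affected" if update <= last_affected else "not listed as affected"


# Constructed sample outputs (first line of `java -version`), not captured from real hosts.
SAMPLES = [
    'java version "1.7.0_15"',
    'java version "1.7.0_17"',
    'java version "1.6.0_41-b02"',
    'java version "1.6.0_43"',
    'java version "1.5.0_22"',
    'java version "1.7.0"',
    "no java here",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:35} -> {classify(sample)}")
```

On a real host, `java -version` writes to stderr, so capture that stream when feeding its output to `classify`.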

This update is Windows-specific, but I believe an update has also been released for Mac OS X and Linux, so if you run those operating systems, be sure to check.

You can use Java’s built-in automatic updater to update, or you can manually update from the link below. Be aware that Java comes bundled with a lot of crapware, so don’t accidentally install the junk.

Java homepage

[via Oracle]

8 comments

  1. Mr.Dave

    Way too little, way too late. And they want to trick us into installing even more things we don’t want? What a sweet gesture.

    Sorry Oracle, I’m not installing the patch because I no longer have Java on my PC!

  2. PixelWizard

    Just reporting: the newest version (8) of Avast antivirus – even the free edition – includes a new module called Software Updater. It detects some of the more popular/vulnerable programs (e.g., Java and Flash) that are already on your computer and notifies you when an update of one or more is advised. It offers an easy access button to that program’s update. Great feature! It nagged me yesterday about this Java 7 Update 17, and one click of the button did the job.