Oracles releases Java patch to fix latest McRat exploit, update right now to stay safe


Last week two separate instances of Java zero-day vulnerabilities were reported. One, reported by Security Explorations, was not (is not) being exploited in-the-wild as far as anyone knows. The second one, however, was (is) being exploited in-the-wild to infect users with McRat trojan. Oracle has now issued an update to Java plugging the security hole exploited by that second exploit.

According to Oracle’s security bulletin, this patch addresses security issue CVE-2013-1493 — which is the previously mentioned exploit that is installing McRat on infected computers — and is applicable to Java 7 Update 15 and earlier, Java 6 Update 41 and earlier, and Java 5 Update 40 and earlier. Basically if you are running any version of Java except the latest one, you should update now to stay safe. The latest versions at the time of this writing are Java 7 Update 17 and Java 6 Update 43.

This update is Windows specific but I believe an update has also been released for Mac OS X and Linux, so if you run those operating systems be sure to check.

You can use Java’s built-in automatic updater to update or you can manually update from the link below. Be aware that Java comes bunlded with a lot of crapware, so don’t accidentally install the junk.

Java homepage

[via Oracle]

Related Posts