
Oracle Issues Emergency Java Update In Wake Of Ongoing Attacks

The latest security update for Java repairs two vulnerabilities that have been detected in attacks in the wild, Oracle said in its advisory.

Both flaws affect the Java component in Web browsers. FireEye detected one of the vulnerabilities last week and indicated that it was being used to spread a remote access Trojan onto victims' computers, giving cybercriminals full control of the machines.

Both vulnerabilities affect the 2D component of Java SE, wrote Eric Maurice, Oracle's director of software assurance, in the company blog. The flaws are relatively easy for an attacker to exploit, which increases the likelihood of more widespread attacks targeting them.


Maurice said the flaw was originally reported to Oracle Feb. 1, but it was received too late to be included in a security update issued Feb. 19. "In light of the reports of active exploitation of CVE-2013-1493, and in order to help maintain the security posture of all Java SE users, Oracle decided to release a fix for this vulnerability and another closely related bug as soon as possible through this Security Alert," Maurice wrote.

Attacks targeting the coding error were detected on malicious websites. "Successful exploits can impact the availability, integrity, and confidentiality of the user's system," Oracle said in its security advisory.

The update can be applied by desktop users at Java.com. Maurice said Oracle has switched security settings to "high" by default, requiring users to authorize the execution of Java applets in the browser.

Oracle has increasingly come under pressure to address Java security issues. A researcher on Monday issued a warning about potentially five other Java zero-day vulnerabilities. Poland-based Security Explorations said the coding errors could be used to bypass browser sandboxing restrictions for Java.

Oracle issued its last Java update Feb. 19 and addressed five vulnerabilities for the Java browser component. The security issues impacting Java have prompted Apple to blacklist outdated Java plug-ins in Safari.

PUBLISHED MARCH 4, 2013
