
On a day when Java zero-day exploits were fingered in attacks against Apple, Facebook and Twitter, Oracle released the remainder of its quarterly security patch updates for the Java platform.

Five vulnerabilities were patched in Java 7 Update 15 today, all of them remotely exploitable, and three of them rated of the highest criticality by Oracle.

Today’s fixes come 19 days after Oracle accelerated its regularly scheduled patch release to Feb. 1. That was in response to a zero-day exploit discovered Jan. 9 in a number of popular exploit kits; the exploits bypassed the Java sandbox. An emergency Java update was released Jan. 17, but it was incomplete, according to a number of researchers who were still able to bypass the sandbox security protections innate to the platform.

The three most severe vulnerabilities (CVE-2013-1487, CVE-2013-1486 and CVE-2013-1484) apply only to client deployments of Java, Oracle said.

“This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets,” Oracle said in its advisory, adding that both run in the sandbox with limited privileges. “Due to the severity of the vulnerabilities fixed in this Critical Patch Update, Oracle recommends that these fixes be applied as soon as possible.”

Apple, meanwhile, has pushed out a new version of Java 6 for Mac OS X users that removes the Java plug-in, forcing users to go to Oracle for Java downloads if so desired. The move is in response to a breach disclosure today from Apple, which admitted a number of Mac machines belonging to Apple employees were compromised by Java exploits. Apple said the attackers were the same group who hacked Facebook, which admitted a similar breach last Friday, and Twitter, which did likewise on Feb. 1.


Comments (8)

  1. Lexie
    1

    Java and Flash are such pains!  My Windows Vista computer doesn’t handle updates efficiently so I have to do it manually each time for both Java and Adobe Flash Player because it doesn’t always remove the previous versions, usually causing conflicts.

  4. Anonymous
    4

    Flash does not come with this level of threat. It is purely meant for the browser. On the contrary, more power is given to Java and “With More Power comes Great Responsibility”. But it is on the verge of failing to fulfil the responsibility and hence causing confidence loss in users.

    Let's wait for a complete fix. Hackers, ethical/unethical, will always find their ways.

     

  5. John L
    5

      I can’t even find the place on Oracle that will fix anything let alone patch some of this shit

  6. I'm not anonymous
    6

    After update 7U15, my three browsers (IE9, Nightly 22.0a1 and Chrome 25.0.1364.84 Beta-M) are fine and work, zero issues.

    ;)

  7. Seth @ Firebox Training
    7

    It’s a good thing they patched it soon. These zero day exploits were a bit too much to handle. Hopefully there won’t be any more of those.

  8. Anonymous
    8

    John, I feel your derision and pain. I still can’t figure out why they can’t have a simple download like Microsoft-SIMPLE

    Best regards  always

Comments are closed.