Java security update

Java Sandbox Bypass Discovered that Breaks Latest Update

Optimism and praise followed last week’s Java critical patch update. Oracle not only patched 42 vulnerabilities in the Java browser plug-in, but also added new code-signing restrictions and new prompts warning users when applets are potentially malicious. It took less than a week, however, to deflate any good will toward Java that resulted.

Oracle Rushes Emergency Java Update to Patch McRAT Vulnerabilities

Oracle has once again released an emergency Java update to patch zero-day vulnerabilities in the browser plug-in, the fifth time it has updated the platform this year. Today’s update patches CVE-2013-1493 and CVE-2013-0809, the former was discovered last week being exploited in the wild for Java 6 update 41 through Java 7 update 15.

Oracle Patches Critical Java Flaws in 7u15

On a day when Java zero day exploits were fingered in attacks against Apple, Facebook and Twitter, Oracle released the remainder of its quarterly security patch updates for the Java platform.Five vulnerabilities were patched in Java 7 Update 15 today, all of them remotely exploitable, and three of them rated of the highest criticality by Oracle.

Oracle’s emergency Java update this weekend for a zero-day sandbox bypass vulnerability hasn’t exactly kicked off a love-fest for the company among security experts. Researchers are still cautious about recommending users re-enable the ubiquitous software, despite the availability of the fix for the latest zero-day to target the platform. 

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.