1 min read

Oracle releases fix for Java Zero-Day Vulnerabilities

Loredana BOTEZATU

August 31, 2012

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Oracle releases fix for Java Zero-Day Vulnerabilities

Oracle has released an emergency security alert to patch the controversial CVE-2012-4681 vulnerability and two others in Java 7 running in web browsers on desktops. Standalone Java desktop applications and Java running on servers were not vulnerable.

“Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2012-4681 `in the wild,` Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.” advised the company.

Image Credit: Oracle

In the past few days, the security community has been informing users of these vulnerabilities and firmly advised them to uninstall Java from their browsers. Bitdefender Labs estimated that nearly 3 billion people were vulnerable to these bugs and HotForSecurity kept readers informed of developments from day one here and here.

Oracle explains in the Security Alert that “these vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability.”

This patch protects Internet users against further exploitation of these three vulnerabilities that have already been used in targeted attacks and were available for purchase on underground forums in the Metasploit tool and Blackhole exploit kit for all those willing to pay for a cyber-attack gizmo.

Unfortunately, some computer users will remain vulnerable to these and other tools. Many people fail to update their software despite loud media and security industry information campaigns.

tags


Author


Loredana BOTEZATU

A blend of product manager and journalist with a pinch of e-threat analysis, Loredana writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair.

View all posts

You might also like

Bookmarks


loader