
Oracle Patches Java Again In Response to Online Attacks

For the third time in less than a month, organizations and home users who are still using Java, for whatever reason that may be, now need to apply yet another update. This latest patch, released Monday, addresses a bug that was first reported more than a month ago.


Oracle’s latest Java patch fixes vulnerabilities in JRE and JDK 7 Update 15 or earlier; JRE or JDK 6 Update 41 or earlier; and JRE and JDK 5.0 Update 40 or earlier. As mentioned, the main flaw, tracked as CVE-2013-1493, was reported in early February.
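The version ranges above are the kind of thing an inventory script has to check across a fleet. The following is an added example (not from the article or from Oracle) that parses the legacy `1.<major>.0_<update>` string printed by `java -version` and flags installs at or below the last affected update for each family; host names and version strings are constructed samples.

```python
import re

# Highest update level the article lists as affected by CVE-2013-1493,
# keyed by Java family (7, 6, 5). Anything at or below needs the patch.
AFFECTED_MAX_UPDATE = {7: 15, 6: 41, 5: 40}

# Legacy "1.<major>.0_<update>" scheme used by Java 5/6/7, as printed by
# `java -version`, e.g.  java version "1.7.0_15"
_VERSION_RE = re.compile(r'1\.(\d)\.0(?:_(\d+))?')


def parse_java_version(text: str):
    """Return (major, update) from java -version output, or None if unrecognised."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major = int(m.group(1))
    # "1.7.0" with no update suffix is the GA build, i.e. update 0
    update = int(m.group(2)) if m.group(2) else 0
    return major, update


def is_affected(text: str):
    """True if at or below the last vulnerable update for its family,
    False if newer, None if the family is not one the advisory covers."""
    parsed = parse_java_version(text)
    if parsed is None:
        return None
    major, update = parsed
    if major not in AFFECTED_MAX_UPDATE:
        return None
    return update <= AFFECTED_MAX_UPDATE[major]


def triage(outputs):
    """Map host -> affected status for a dict of host -> captured version line."""
    return {host: is_affected(line) for host, line in outputs.items()}


if __name__ == "__main__":
    # Constructed sample output; these are not real hosts.
    sample = {
        "ws01": 'java version "1.7.0_15"',
        "ws02": 'java version "1.7.0_17"',
        "ws03": 'java version "1.6.0_41"',
        "ws04": 'java version "1.5.0_40"',
        "ws05": 'java version "1.8.0"',
    }
    for host, status in triage(sample).items():
        label = "PATCH NEEDED" if status else ("ok" if status is False else "unknown")
        print(host, label)
```

A hit from this check says only that the installed version is in the affected range; it says nothing about whether the browser plugin is enabled on that host, which is where the exploitation described later in the article actually happens.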

According to a company blog post, the bug outlined by CVE-2013-1493 was reported to Oracle on February 1, which the company said was too late for it to be included in the February 19 release of the Critical Patch Update for Java SE, although reports of active exploitation have since been received.

“The company intended to include a fix for CVE-2013-1493 in the April 16, 2013 Critical Patch Update for Java SE… However, in light of the reports of active exploitation of CVE-2013-1493, and in order to help maintain the security posture of all Java SE users, Oracle decided to release a fix for this vulnerability and another closely related bug as soon as possible through this Security Alert.”

On Friday, SecurityWeek reported that researchers with Symantec and FireEye said that the latest Java flaw was linked to the attack against security firm Bit9 last month. That breach, as was reported, stemmed from the company’s own internal policies not being followed.

For now, if you still cannot find a reason to just walk away from Java, Oracle urges you or your organization to apply this patch with no further delay. As is the case with most Java flaws, this one too affects only systems where Java is used in the browser; Oracle server-based software, embedded Java applications, desktop Java applications, and server-based installations of Java are not the target.
