SecurityWeek

Oracle Patches Java Again In Response to Online Attacks

For the third time in less than a month, organizations and home users who are still using Java, for whatever reason that may be, now need to apply yet another update. This latest patch, released Monday, addresses a bug that was first reported more than a month ago.

Oracle’s latest Java patch fixes vulnerabilities in JRE and JDK 7 Update 15 and earlier; JRE and JDK 6 Update 41 and earlier; and JRE and JDK 5.0 Update 40 and earlier. As mentioned, the main flaw, CVE-2013-1493, was submitted in early February.

According to a company blog post, although reports of active exploitation were received only recently, the bug tracked as CVE-2013-1493 was reported on February 1, something Oracle said was too late to be included in the February 19th release of the Critical Patch Update for Java SE.

“The company intended to include a fix for CVE-2013-1493 in the April 16, 2013 Critical Patch Update for Java SE… However, in light of the reports of active exploitation of CVE-2013-1493, and in order to help maintain the security posture of all Java SE users, Oracle decided to release a fix for this vulnerability and another closely related bug as soon as possible through this Security Alert.”

On Friday, SecurityWeek reported that researchers with Symantec and FireEye said the latest Java flaw was linked to the attack against security firm Bit9 last month. That breach, as was reported, centered on the company’s internal policies not being followed.

For now, if you still cannot find a reason to just walk away from Java, Oracle urges you or your organization to apply this patch without further delay. As is the case with most Java flaws, this one, too, targets only systems where Java is being used in the browser, so Oracle server-based software, embedded Java apps, desktop Java apps, and server-based installations of Java are not being singled out.
