Another Out-of-Band Critical Java Security Update

[Corrine]

Although Oracle was planning to wait until April to update Java to address CVE-2013-1493, Java 7 Update 17 was released by Oracle today. Security Alert CVE-2013-1493 addresses two vulnerabilities affecting Java running in web browsers (CVE-2013-1493 and CVE-2013-0809).

If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

Download: Java Version 7 Update 17
Verify your version: How do I test whether Java is working on my computer?

Note: As always, watch for unnecessary pre-checked options included with the installation.

To check your Java security settings, see the instructions at Another Out-of-Band Critical Java Security Update.

 

[JMH]

Five more holes reported in Java

A security researcher claims to have found five, new vulnerabilities in Oracle's Java technology that could allow a malicious hacker to bypass safety features in the latest version of the Java technology.

If used in concert, the five security holes could enable an attacker to run malicious code outside of the Java "sandbox," a virtual container that is used to run untrusted code. That, according to a post on the Full-Disclosure security discussion list on Monday by Adam Gowdiak of the Polish security firm Security Explorations.

Java is a ubiquitous technology that runs on billions of devices and web pages which has made it a popular target for cyber criminals and otherwise motivated attackers. Recently, exploits for previously unknown ("zero day") holes in Java have been used in targeted attacks against developers at Twitter, Facebook, and Apple, breaching the security of those organizations. An exploit of a separate Java "zero day" is believed to be linked to the hack at security firm Bit9, which resulted in a malicious program being added to Bit9's "whitelist" of approved applications.

Five more holes reported in Java | ITworld