Oracle releases software update to fix Java vulnerability

[JMH]

Oracle released an emergency software update today to fix a security vulnerability in its Java software that could give allow attackers to break into computers.

The update, which is available on Oracle's Web site, fixes a critical vulnerability in Oracle's Java 7 that could allow a remote, unauthenticated attacker to execute arbitrary code. The attack can be induced if someone visits a Web site that's been set up with malicious code to take advantage of the hole.

Oracle said the update modifies the way Java interacts with Web applications.

Oracle releases software update to fix Java vulnerability | Security & Privacy - CNET News

 

[Deejay100six]

I only installed Java 3 days ago as I'm running a fairly new install of Windows 7. Forgot to turn the auto update feature off so it updated to 7, u11 yesterday. I assume this means I'm covered?

 

[satrow]

Only if you have no earlier versions still lurking and only until the next 'fix' comes along, expect another one within 24 hours or so ...

I'd uninstall Java completely; only install it if you really, really have to - even then, disable it in the browsers, enable it only when needed (on trusted sites only), disable it again straight away once done with it.

 

[Deejay100six]

Ok, thanks mate.

 

[satrow]

Claims of a new 0day vulnerability which affects the latest 'patched' Java: New Java Exploit Fetches $5,000 Per Buyer ? Krebs on Security

Didn't take very long, did it?