Forgot your password?
typodupeerror
Java Security

Oracle Patches Java 7 Vulnerability 58

First time accepted submitter JavaBear writes "Oracle have just released the u7 release of their Java 7. From the article: 'In response to the findings of a recent vulnerability in Java 7 that was being exploited by malware developers, Oracle has released an official patch that takes care of the problem. In the past week, a new vulnerability was unveiled in Oracle's Java 7 runtime, which has been used by hackers in targeted attacks on Windows-based systems. Similar to the recent Flashback malware in OS X, this vulnerability allows criminals to create a drive-by hack where the only action needed to compromise a system is to visit a rogue Web page that hosts a malicious Java applet."
This discussion has been archived. No new comments can be posted.

Oracle Patches Java 7 Vulnerability

Comments Filter:
  • Was That So Hard? (Score:5, Informative)

    by rsmith-mac ( 639075 ) on Thursday August 30, 2012 @07:37PM (#41185147)
    See guys, was that so hard? Now next time you should focus on getting the patch out before it gets exploited in the wild, since you've been sitting on this exploit for the last 4 months.
  • by bogie ( 31020 ) on Thursday August 30, 2012 @08:03PM (#41185315) Journal

    Fact: Most Mac users are at this point still running Snow Leopard.

    Fact: Snow Leopard can only run Java 6 and Apple has stopped releasing security updates for it and the OS in general.

    Fact: Most Mac users are SOL.

    Sorry to be a bit trollish here but Apple, you know the richest company in history with money to burn, refuses to spend money to support an OS that is only 3 years old and that pisses me off.

  • by Anonymous Coward on Thursday August 30, 2012 @08:11PM (#41185369)

    Fact: Java 6 isn't vulnerable to this attack.

    There are other problems that they are exposed to, but this isn't one of them.

  • by OdinOdin_ ( 266277 ) on Thursday August 30, 2012 @08:14PM (#41185377)

    From what I understand of the situation Java6 is not affected (only changes made for Java 7).

    Yes you apple users should seriously make a stand on that forced upgrade or no support for you policy.

  • Re:Link? (Score:4, Informative)

    by qubezz ( 520511 ) on Thursday August 30, 2012 @09:41PM (#41185869)
    The default in Java is to check for an update every month. If you want to reduce your exposure to "30-day" exploits, it would be wise to go into the Java control panel applet and increase the update check frequency to monthly or daily if you must use Java. "Update Now" is available on the update tab of the control panel applet if you don't want to download this update from the web.
  • Re:Link? (Score:4, Informative)

    by arth1 ( 260657 ) on Thursday August 30, 2012 @10:45PM (#41186175) Homepage Journal

    The default in Java is to check for an update every month.

    Yet the java updater keeps on running in the background at all times, instead of using the OS scheduler.

  • by Anonymous Coward on Friday August 31, 2012 @02:10AM (#41186967)

    Fact: Java 6 isn't vulnerable to this attack.

    Wrong, Java 6 is affected. From the "Security Alert" [oracle.com]:

    Affected product releases and versions:
    JDK and JRE 7 Update 6 and before
    JDK and JRE 6 Update 34 and before

    But it appears Oracle did not provide a patch for Java 6 yesterday.

Business is a good game -- lots of competition and minimum of rules. You keep score with money. -- Nolan Bushnell, founder of Atari

Working...