Emergency Java Security Patch – Update Now!
Oracle released another Java fix to patch the vulnerabilities uncovered this week. In a Security Alert for CVE-2013-1493, the company advises all users to install the security patch as soon as possible considering the “severity of these vulnerabilities.”
This particular update addresses a vulnerability known as CVE-2013-1493 (US-CERT VU#688246) and a security issue “affecting Java running in web browsers,” affecting Java versions 1.5 Update 40, 1.6 Update 41 and 1.7 Update 15.
“These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password,” the Oracle alert reads. “For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user’s system.”
Java installed on servers, standalone Java desktop applications, embedded Java applications or Oracle server-based software are NOT affected by the precise bugs.
Install this latest update immediately, or make sure the automated update system has already installed it. High profile targets such as Twitter, Facebook and Apple have already experienced the perils of these Java vulnerabilities being actively exploited by criminals. Crooks include exploits for these bugs in crime kits and use them to launch targeted attacks against, for instance, employees of valued companies so they can breach corporate security and gain access to private data.