Security problems are not new to Java, though it is, admittedly, not the only platform that suffers from them. Now Oracle has acknowledged a new hole, and it is bad enough to warrant an out-of-cycle emergency patch.
With the catchy name of CVE-2016-0603, the security flaw requires the user to access a malicious website and accept the download of Java version 6, 7 or 8 in order to become infected. However, for those who fall for it, the attack will allow for a total compromise of the system.
“Because the exposure exists only during the installation process, users need not upgrade existing Java installations to address the vulnerability. However, Java users who have downloaded any old version of Java prior to 6u113, 7u97 or 8u73, should discard these old downloads and replace them with 6u113, 7u97 or 8u73 or later”, writes Eric Maurice of Oracle.
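One way to find the old downloads that the advisory says to discard, as an added example that is not from Oracle or the original article. It assumes the installers still carry their conventional `jre-8u66-...` / `jdk-7u79-...` style file names; the function names and sample file names are constructed for illustration.

```python
import re
from pathlib import Path

# First fixed update per Java family, taken from the advisory quoted above.
FIXED_UPDATE = {6: 113, 7: 97, 8: 73}

# Assumed naming convention: jre-<family>u<update>-<platform>..., e.g.
# jre-8u66-windows-x64.exe. A renamed installer will not match and has
# to be checked by hand.
INSTALLER_RE = re.compile(
    r"^(?:jre|jdk)-(?P<family>\d+)(?:u(?P<update>\d+))?-.+$", re.IGNORECASE
)


def classify(filename):
    """Return 'discard', 'ok' or 'unknown' for one installer file name."""
    m = INSTALLER_RE.match(filename)
    if not m:
        return "unknown"
    family = int(m.group("family"))
    update = int(m.group("update") or 0)  # "jdk-7-..." is the base release
    fixed = FIXED_UPDATE.get(family)
    if fixed is None:
        return "unknown"  # family not listed in the advisory
    return "ok" if update >= fixed else "discard"


def stale_installers(directory):
    """Recursively list files under `directory` that predate the fixed releases."""
    return sorted(
        p for p in Path(directory).rglob("*")
        if p.is_file() and classify(p.name) == "discard"
    )


if __name__ == "__main__":
    # Constructed sample names, not taken from a real system.
    for name in ["jre-8u66-windows-x64.exe", "jre-8u73-windows-x64.exe",
                 "jdk-7u79-windows-i586.exe", "setup.exe"]:
        print(f"{name}: {classify(name)}")
    # Scan the current user's download folder (path is an assumption).
    for path in stale_installers(Path.home() / "Downloads"):
        print("discard:", path)
```

Files reported as `unknown` are not cleared by this check; only a recognised name at or above the fixed update is reported as `ok`.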
This is just the latest in a long line of patches from Oracle, a company that only recently had to issue 248 patches at once. The actual bug is not revealed so as to keep it away from potential malicious use. The good news in all of this is that an attack seems unlikely given the need to be lured to a particular site and then to download a version of Java that isn’t coming from Oracle.