Monday, January 14, 2013
Oracle has eliminated a serious vulnerability in the Java Browser
dangerous vulnerability in the software platform, Java, said the online Oracle.
It came three days after the experts division of Homeland Security United States to counter cyber threats (US-CERT) urged users to disable the add-in Java for browsers because of the danger discovered vulnerabilities.
Vulnerability used real Trojan Mal / JavaJar-B, included with packages hacker Blackhol and NuclearPack. She attacked the system based on Windows and Linux.
In addition to the vulnerability, which experts warned US-CERT, update fixes another similar error in Java. Both vulnerabilities allow attackers to gain unauthorized access to your computer, run the arbitrary code. According to the company, the update changes the way people interact with applets, a default security level is increased to medium to high. This now means that every time you run an unsigned Java-based applications will be requested by the sanction.
The update (version Java 7 Update 11) by downloading the package from the website Oracle (http://java.com/en/download/) or by running the update via the control panel Java.
May be subject to attack computers of users who have visited through a browser-enabled Java page containing a malicious application. Both errors were awarded the highest risk rating (10 points) on a scale of CVSS, used to assess the vulnerability of information systems. Maximum score of these vulnerabilities were due to their ease of use by hackers and consequences for the attacked computers.
"Due to the severity of the vulnerabilities of their public disclosure of technical details and reports on the use of CVE-2013-0422 (bug ID) in the real Oracle strongly recommends that customers apply the update as soon as possible," - said in a statement.
As noted in Oracle, vulnerabilities are only in the add Java Browser: platform Java, performs software on the computer, as well as versions for server errors do not apply.