Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Oracle Updates Java (Java 7 Update 15, Java 6 update 41) - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Oracle Updates Java (Java 7 Update 15, Java 6 update 41)

(I originally wrote "update 14", but turns out this is update 15)

Oracle released update 15 for Java 7 and update 41 for Java 6 today. I haven't seen any specific security content yet, but Oracle states that "The highest CVSS Base Score of vulnerabilities affecting Oracle Java SE is 10.0" , which is the maximum possible score and indicates remote compromisse.

Apple users: If you think you are safe, check today's news about how Apple itself got compromissed via a Java vulnerability (maybe this is why Apple was so quick in disabling the Java plugin via X-Protect).

http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html

once you are done patching (if you still have Java installed), head to browsercheck.qualys.com to make sure all the other plugins are up to date)

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

I will be teaching next: Defending Web Applications Security Essentials - SANS Brussels September 2019

Johannes

3603 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!