Security Alert for CVE-2013-0422 Released
Oracle has released Security Alert CVE-2013-0422 to address the flaw in Java software integrated with web browsers. More information about this Security Alert is available on https://blogs.oracle.com/security. This is a blog that discusses when the bug was reported and actions that Java users need to take to secure their systems.
Java SE 7 Update 11 Released
This release includes important security fixes. Oracle strongly recommends that all Java SE 7 users upgrade to this release. See the Oracle Security Alert to learn more.
Release Notes Download
This is the best link for most users to download.
Threat Alert – Jan 14th, 2013
A new Trojan horse called Mal/JavaJar-B has been found that exploits a vulnerability in Oracle’s Java 7 and affects even the latest version of the runtime (7u10). The malware has currently been seen attacking Windows, Linux and Unix systems.
The Department of Homeland Security said attackers could trick targets into visiting malicious websites that would infect their PCs with software capable of exploiting the bug in Java. An attacker could also infect a legitimate website by uploading malicious software that would infect machines of computer users who trust that site because they have previously visited it without experiencing any problems.
Developers of several popular hacker tools, known as exploit kits, used to attack PCs, have added software that allows hackers to exploit the newly discovered bug in Java to attack computers.
Users can immediately protect themselves in the following ways:
• STOPzilla users will be delivered a patch today which prevents the infection as part of their normal update service.
• By disabling Java content in their browser
• Downloading the latest version of Java: https://java.com/en/download/java_update.jsp
To disable Java in your browser Go to the Java Control Panel that is installed along with the runtime, and in the Security section uncheck the option to “Enable Java content in the browser,” which will disable the browser plug-in.
Read more about the threat and Oracle’s fix at Foxnews.com or at CNN.com.