We wrote about the Java 0-day exploit (CVE-2012-4681) and that there is no fix available from Oracle. In the meanwhile, we have added also detection for the exploit starting with t he engine version 126.96.36.199 or higher. All Avira products detect this exploit as EXP/CVE-2012-4681.
The following versions are affected and must be upgraded to the latest version:
- JDK and JRE 7 Update 6 and before
- JDK and JRE 6 Update 34 and before
It is also possible to let Java auto-update itself, but what I found out on my system is that it is set by default to update once a month:
In order to change these settings, go to Control Panel -> Java and start the Java applet.
You will see the dialog above and there you must click on the “Advanced” button.
I suggest to change the frequency to once a week, during business hours:
Currently the update servers of Oracle are under overloaded because of too many concurrent connections. Please be patient and let the update be performed.
via Avira – TechBlog http://techblog.avira.com/2012/08/31/oracle-has-released-the-patch-for-the-java-0-day-exploit/en/
© Copyright 2012 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity
Check www.mustaca.com for the IT Consulting services I offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie http://de.itsecuritynews.info für IT Sicherheits News auf Deutsch