We wrote about the Java 0-day exploit (CVE-2012-4681) and that there is no fix available from Oracle. In the meanwhile, we have added also detection for the exploit starting with t he engine version 8.2.10.148 or higher. All Avira products detect this exploit as EXP/CVE-2012-4681.
Finally, Oracle released now the Patch 7 for the JRE version 1.7.
The following versions are affected and must be upgraded to the latest version:
- JDK and JRE 7 Update 6 and before
- JDK and JRE 6 Update 34 and before
It is also possible to let Java auto-update itself, but what I found out on my system is that it is set by default to update once a month:
In order to change these settings, go to Control Panel -> Java and start the Java applet.
You will see the dialog above and there you must click on the “Advanced” button.
I suggest to change the frequency to once a week, during business hours:
Currently the update servers of Oracle are under overloaded because of too many concurrent connections. Please be patient and let the update be performed.
Sorin Mustaca
via Avira – TechBlog http://techblog.avira.com/2012/08/31/oracle-has-released-the-patch-for-the-java-0-day-exploit/en/
© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity
Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch