Java SE for Windows has a vulnerability that allows a remote, unauthenticated attacker to take over a system. However, the flaw is said not to be easy to exploit.
Java suffers from a critical vulnerability, and Oracle has released an out-of-schedule patch for Java SE 6, 7 and 8. Under certain circumstances, an attacker could inject and execute malicious code and take complete control of an affected system. However, the vulnerability is rated only 7.6 on the 10-point Common Vulnerability Scoring System (CVSS) scale. According to Oracle, exploiting it takes a great deal of effort.
The flaw is present in the following versions: JDK and JRE 6 Update 111, JDK and JRE 7 Update 95, and JDK and JRE 8 Update 71 and 72. However, it can only be exploited during the installation of Java SE. Beforehand, a hacker needs to trick the victim into visiting a malicious website and downloading specially crafted files.
Oracle also points out that the vulnerability can be exploited remotely and without authentication. Only Java SE for Windows is affected.
According to Oracle’s advisory, users who already run the Java versions published in January do not need to do anything. “Java users who have not installed the Critical Patch Update versions of Java SE 6, 7, or 8 in January 2016 will need to upgrade,” state the release notes for Java SE 8. The company also recommends replacing any stored older Java installers with the fixed versions: Java SE 6 Update 113, 7 Update 97, and 8 Update 73.
Just under three weeks ago, Oracle had fixed a total of 248 security holes in its products. Eight of them were in Java SE, three of which carried the highest CVSS risk rating of 10.0. Oracle’s next regular patch Tuesday takes place on 19 April.
[with material from Stefan Beiersmann, ZDNet.de]