Oracle classifies the vulnerability as critical. Java SE 7 and 8 for Windows, Mac OS X, Linux and Solaris are affected. An attacker could take complete control of an affected system.
Oracle has published an unscheduled update for Java SE to eliminate a vulnerability rated critical. According to the company, it can be exploited remotely and without authentication to inject and execute malicious code. An attacker only has to lure the victim to a specially prepared website. Affected are Java SE 7 Update 97 and earlier, and Java 8 Update 73 and 74 for Windows, Mac OS X, Linux, and Solaris. The vulnerability is rated 9.3 on the ten-point Common Vulnerability Scoring System (CVSS) scale.
“A successful attack on the gap may lead to an unauthorized takeover of the operating system, including the carrying out of malicious code,” writes Oracle in an advisory.
Because technical details of the vulnerability have been published, according to Oracle, the company urgently advises all users to install the update as soon as possible. Oracle distributes the fixed version, Java SE 8 Update 77, via the automatic update function of the runtime environment. It can also be downloaded manually from the Oracle website. Current versions of the Java Development Kit and the Server Java Runtime Environment are also available. Oracle makes updates for Java SE 7 available only to customers who have purchased Java support.
It is the second time this year that Oracle has updated its Java software outside the regular schedule. At the beginning of February, it fixed a vulnerability rated critical that allowed an attacker to take complete control of an affected system. Oracle regularly patches the holes in its software four times a year. The next update is planned for 19 April.
[With material from Stefan Beiersmann, ZDNet.de]