Oracle closes a total of 40 security vulnerabilities with an update for Java SE (Java Standard Edition). Oracle rates almost half of them at the highest risk level.
With an update for Java SE, Oracle fixes a total of 40 vulnerabilities. 19 of them are classified as critical: they are rated 10.0, the highest value in the Common Vulnerability Scoring System (CVSS).
Affected by these vulnerabilities are Java 7 Update 21 and earlier, Java 6 Update 45 and earlier, Java 5.0 Update 45 and earlier, and JavaFX 2.2.21 and earlier. According to Oracle, 37 of the now-fixed vulnerabilities can be exploited remotely without authentication.
Using untrusted Java Web Start applications, an attacker could inject malicious code and run it. In four cases, server installations of the runtime environment are affected.
One of the flaws is in the Javadoc tool as of version 1.5, as well as in the HTML pages it generates. They allow frame injection, which lets an attacker inject frames into a vulnerable site. In addition to the patch, Oracle also provides a tool called Java API Documentation Updater, with which the vulnerable HTML files can be repaired.
“Oracle recommends that this Critical Patch Update be installed as soon as possible, because it contains fixes for some serious vulnerabilities,” says the company's Software Security Assurance Blog. “Desktop users can use the automatic update function or visit Java.com to ensure that they are running the latest version.”
Since yesterday evening, Apple has been distributing security update 2013-004 for Mac OS X 10.7 Lion and 10.8 Mountain Lion. For Mac OS X 10.6 Snow Leopard, it provides Java Update 16. Both plug a total of 34 holes and update Java to version 6 Update 51.
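The affected ranges listed above can be turned into an inventory check. The following Python is an added example, not part of the original article or of any Oracle tooling; it assumes the legacy `1.<major>.0_<update>` version string printed by `java -version`, uses constructed host names and banners, and does not cover JavaFX.

```python
import re

# Highest affected update per Java family, as listed in the article
# ("Update N and earlier"). Key is <major> in "1.<major>.0_<update>".
LAST_AFFECTED_UPDATE = {7: 21, 6: 45, 5: 45}

# Quoted version in `java -version` output, e.g. "1.7.0_21", "1.6.0_45-b06", "1.7.0".
_VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?[^"]*"')


def parse_java_version(banner):
    """Return (major, update) from a `java -version` banner, or None if unparseable."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    # A banner without "_<update>" is the initial release, i.e. update 0.
    return int(m.group(1)), int(m.group(2) or 0)


def is_affected(banner):
    """True/False for the families named in the article, None if it cannot be decided."""
    parsed = parse_java_version(banner)
    if parsed is None or parsed[0] not in LAST_AFFECTED_UPDATE:
        return None
    major, update = parsed
    return update <= LAST_AFFECTED_UPDATE[major]


def audit(inventory):
    """Map each host to True (affected), False (newer update) or None (unknown)."""
    return {host: is_affected(banner) for host, banner in inventory.items()}


# Constructed sample inventory: host name -> first line of `java -version` output.
SAMPLE = {
    "ws-01": 'java version "1.7.0_21"',
    "ws-02": 'java version "1.7.0_25"',
    "build-01": 'java version "1.6.0_45-b06"',
    "legacy-01": 'java version "1.5.0_22"',
    "kiosk-01": "java: command not found",
}

if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "newer than affected range", None: "unknown"}
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {labels[status]}")
```

Hosts reported as unknown still need a manual look, since a missing or unparseable banner says nothing about whether a bundled or browser-plugin runtime is present.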
[with material from Stefan Beiersmann, ZDNet.de]