
US-CERT: Java vulnerability


A bad (as in it’s a 10) Java vulnerability has been discovered.  Affecting Java 7 Update 10 and prior versions, this vulnerability can allow an untrusted Java applet to escalate its privileges without requiring code signing.

Currently, the only defense against this vulnerability is to disable Java in your browser. Additional information is provided by US-CERT.

Update at 20:18 UTC 11 Jan

A good resource to follow this story is krebsonsecurity.com.

Update at 22:05 UTC 14 Jan

The US-CERT has released the following bulletin:

US-CERT Current Activity
Oracle Releases Out-of-Band Patch to Address Java 7 Vulnerability

Original release date: January 14, 2013
Last revised: January 14, 2013

Oracle has released an out-of-band patch to address the recently
announced vulnerability in Java Runtime Environment (JRE) 7. US-CERT
encourages users and administrators to review the bulletin and follow
best-practice security policies to determine which updates should be
applied.

Relevant URL(s):
<http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html>

<http://www.us-cert.gov/current/#us_cert_releases_oracle_java>