Oracle has, yet again, rushed out another patch after researchers discovered more vulnerabilities in its software. Oracle rushed the update through because one of the vulnerabilities is being actively exploited “in the wild”.
This Security Alert addresses security issues CVE-2013-1493 (US-CERT VU#688246) and another vulnerability affecting Java running in web browsers. Due to the severity of these vulnerabilities, and the reported exploitation of CVE-2013-1493 “in the wild,” Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.
The latest update puts the current versions of its software at Java 7, Update 17 and Java 6, Update 43.
According to Oracle, the bug could leave a computer open to exploitation if a user visits a malicious webpage, and the code executes without requiring the user’s permission. The vulnerability exists only in Java applets.
Apple has also released a Java update for its Mac OS X users to address the security flaw. You can download the Java update for OS X Lion and Mountain Lion from here.
Java has had more security lapses in the past month than Mac OS X might have had in years. Things have never looked good since Oracle took over Sun Microsystems’ esteemed venture, Java. Considering that billions of devices across the world use Java in one way or another, these kinds of vulnerabilities can have a devastating effect on the inherent security model.
Developers and business enterprises now face a dilemma. They can either use Java for developing applications, so that the applications work across platforms and not everything needs to be recoded, or they can opt for native applications, which require more rigorous, platform-specific coding but involve no compromises on security.
That being said, such vulnerabilities do not affect developers as much as they affect people like you and me. We suggest that you either update your computer to the latest version of Java or disable all Java plugins in your browser. Research claims that many webpages have already deployed malicious Java applets to take advantage of this vulnerability. These applets can trigger arbitrary code execution on the target machine without asking for the user’s permission, and can be used to steal valuable information.