Security Alert (A16-02-03): Vulnerability in Oracle Java


 

Published on: 11 February 2016

  
  

Description:

Oracle has published a security advisory to address a security vulnerability found in Java SE. To exploit the vulnerability, an attacker could entice a user to open a specially crafted web page and download files into the user’s system before installing a vulnerable version of Java SE 6, 7 or 8.


Affected Systems:

Oracle Java SE

  • JDK and JRE 6 Update 111, JDK and JRE 7 Update 95, JDK and JRE 8 Update 71, 72 on Windows

Impact:

A successful attack could lead to compromise of a vulnerable system.


Recommendation:

Patches for affected systems are available. Users of the affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

  • Java Platform SE 8 (JDK and JRE 8 Update 73)
    http://www.oracle.com/technetwork/java/javase/downloads/index.html

Java SE 6 and 7 had reached its End-Of-Life (EOL) already. Users should consider upgrading to the latest Java SE versions or contact their product support vendors for extended support in Java SE 6 and 7 with charged service.

More Information:

http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html
https://www.hkcert.org/my_url/en/alert/16021114
https://www.us-cert.gov/ncas/current-activity/2016/02/08/Oracle-Releases-Security-Updates-Java
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0603



Tag: Oracle , Java
Tags