• Java Update fixes Critical Security Vulnerabilities 3-5-13
Skip to end of metadata
Go to start of metadata

Alert Number: 3513-01
Alert Date: 3/5/13
Alert Title: Java Update fixes Critical Security Vulnerabilities
Update-to: None.

OS/Platform/Application:

Oracle Systems Java
Category: ALERT
Severity: HIGH

Summary: Oracle systems has released an update for its popular Java application.  Java 7 update 17 fixes a pair of critical security vulnerabilities - one (or possibly both) of which are currently being actively exploited on the Public Internet.  This update has been released ahead of schedule due to the active and critical ("0 day") nature of the exploitation of this vulnerability.   Apple has released its own Java update for Mac OS X systems as well - see link at bottom of page for more information.

NOTE:
Vulnerabilities in Java are a common method for attackers to gain control over an otherwise patched computer.

Java technology is commonly used by web browsers to provide interactive content via small programs called applets or plugins.  Many web browsers have Java products installed on them unbeknownst to the user.  It can sometimes be difficult to determine if Java is present on a computer (and if so what version or version or versions are running).

Users can check for the presence of Java on their computer (and current running version or versions) by visiting one of the weblinks listed in the "Resources" section below.

 
Recommended Actions: Java products users as well as System Administrators are encouraged to check their systems for the current version of Java and update as soon as possible (if necessary).  *The Verification pages below feature built-in upgrade links*.

Please NOTE that some common browsers (e.g., Internet Explorer, Firefox) may automatically block Java functionality by default and therefore interfere with the detection of current version and/or installation of updates.  Users should follow the prompts and instructions provided in the web pages or browser popups to proceed with the version check.

Readers are encouraged to share this alert with family, friends, and associates.

ITS Actions: N/A

Resources:

Java Verification page (use this to determine if your machine is running Java and which version is installed): http://java.com/en/download/installed.jsp

Java Test page (alternate to above): http://www.java.com/en/download/help/testvm.xml

Java 7 Update 17 release notes: http://www.oracle.com/technetwork/java/javase/7u17-relnotes-1915289.html

Apple Security Advisory (Java for OS X 2013-002 and Mac OS X v10.6 Update 14) http://support.apple.com/kb/HT5677