Spyware, Viruses, & Security forum


Java SE 7 Update 17 and Java SE 6 Update 43 Released

by Carol~ Forum moderator / March 4, 2013 7:52 AM PST

From the Oracle Software Security Assurance Blog:

March 04, 2013

Today Oracle released Security Alert CVE-2013-1493 to address two vulnerabilities affecting Java running in web browsers (CVE-2013-1493 and CVE-2013-0809). One of these vulnerabilities (CVE-2013-1493) has recently been reported as being actively exploited by attackers to maliciously install the McRat executable onto unsuspecting users' machines. Both vulnerabilities affect the 2D component of Java SE. These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications. They also do not affect Oracle server-based software. These vulnerabilities have each received a CVSS Base Score of 10.0.

Though reports of active exploitation of vulnerability CVE-2013-1493 were recently received, this bug was originally reported to Oracle on February 1st 2013, unfortunately too late to be included in the February 19th release of the Critical Patch Update for Java SE.

Continued : https://blogs.oracle.com/security/entry/security_alert_cve_2013_1493

* * * * * * * * * * * * * *

Security Alert for CVE-2013-1493:

Download for Java SE 7 update 17 and Java SE 6 update 43:

Version Test:

NOTE: The installer may present you with an option to install various products from companies Oracle has partnered with. They are completely optional and NOT part of the update.

Re: Java SE7 Update and Java SE6 Update 43 Released
by Big Steve / March 4, 2013 8:07 AM PST
I follow Malwarebytes on Facebook and I read on their page several weeks ago an article about Java; that Java could cause security risks to PCs with various browsers; I have 3 installed but atm I'm only using Google Chrome so I asked Malwarebytes on Fb if I should remove everything I have on my computers that are "Java"; Malwarebytes never answered my question nor did anyone else on their Fb page. So now that I'm here I'll ask you; should I remove Java from my 2 computers? I seem to get an update for Java almost every week but right now I have ignored them. Feedback would be appreciated.
It's Already Been Discussed..
by Grif Thomas Forum moderator / March 4, 2013 9:36 AM PST
IF you have any further doubts ..
by Carol~ Forum moderator / March 5, 2013 11:53 PM PST

IF you have any further doubts after reading what Grif posted, I would suggest reading what was posted yesterday ...

Attackers Beat Java Default Security Settings with Social Engineering

It says in part......

"Yesterday, a Java exploit was found on a German online dictionary compromised by the g01pack Exploit Kit, researcher Eric Romang said. The attack pretends to be a signed ClearWeb Security Update from Clearsult Consulting Inc., a legitimate Texas consultancy. The dialog box presented to the user spoofs the conventions used by the Oracle/Java dialog box that a user would see for a trusted signed Java applet, which encourages the user to trust the applet and run the executable. The dialog box for an untrusted applet has much sterner language, warning that a digital signature could not be verified.

Savvy users who might be inclined to click More Information and Certificate Details tabs presented by the dialog box associated with the malicious applet would see more social engineering regarding the trustworthiness of the Java app. So while the applet did not automatically execute, attackers are trying the next best avenue to exploit it with convincing language hoping the user executes the applet for them.

The kicker in this case, according to Romang, is that the certificate used in the attack was signed with a stolen private key and the certificate was revoked by GoDaddy on Dec. 7, according to Avast security researcher Jindrich Kubec."

More here: https://threatpost.com/en_us/blogs/attackers-beat-java-default-security-settings-social-engineering-030513

And here: Cybercriminals using digitally signed Java exploits to trick users

You say .. 'I asked Malwarebytes on Fb if I should remove everything'. It's a decision you need to make. You would know what applications or sites require its use. And if (you feel) it's imperative to keep it. If not, I would .. dump it! (Here are some answers to questions you might have.)

IF you should decide to keep it installed, please do not ignore the updates, as you say you have been doing as of late.

Best of luck..

Re: IF you have any further doubts ..
by Big Steve / March 6, 2013 8:20 AM PST

I went to Control Panel last night and uninstalled everything labeled Java. I hope that will stop those pop up messages from Java. Another question; this Dell Vostro 1510 laptop has Windows Vista and web pages are taking forever to open up; the little blue wheel keeps spinning and spinning and spinning before web pages finally open up. I have AT&T's fastest DSL speed; Extreme 6.0. This has not been a problem until recently. What could be causing this?

Big Steve
Great! Glad to see you removed Java...
by Carol~ Forum moderator / March 7, 2013 12:08 AM PST

Big Steve..

I think you made the right choice. You should no longer see update reminders. But IF you do, JavaRa should rid you of the remnants, which are causing the notifications. (You will need to "Run as Administrator".)

If for any reason JavaRa doesn't remove all the leftovers, the Revo Uninstaller will surely do the job.

As far as your other question is concerned. I hope you don't mind my asking to create a separate thread for your slow loading pages issue. I'd like to keep this thread dedicated to Java.

With the above said, I see you noted in a prior post that you've been experiencing slowdown issues for the past 6 months. If it's the same issue, I would include the information in your new post. I would also add what you have running in real-time. (If you feel it's malware-related, feel free to post at this forum)

Best of luck..

Re: Great! Glad to see you removed Java...
by Big Steve / March 7, 2013 6:55 AM PST


