From the Oracle Software Security Assurance Blog:
March 04, 2013
Today Oracle released Security Alert CVE-2013-1493 to address two vulnerabilities affecting Java running in web browsers (CVE-2013-1493 and CVE-2013-0809). One of these vulnerabilities (CVE-2013-1493) has recently been reported as being actively exploited by attackers to maliciously install the McRat executable onto unsuspecting users' machines. Both vulnerabilities affect the 2D component of Java SE. These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications. They also do not affect Oracle server-based software. These vulnerabilities have each received a CVSS Base Score of 10.0[.
Though reports of active exploitation of vulnerability CVE-2013-1493 were recently received, this bug was originally reported to Oracle on February 1st 2013, unfortunately too late to be included in the February 19th release of the Critical Patch Update for Java SE.
Continued : https://blogs.oracle.com/security/entry/security_alert_cve_2013_1493
* * * * * * * * * * * * * *
Security Alert for CVE-2013-1493:
Download for Java SE 7 update 17 and Java SE 6 update 43:
NOTE: The installer may present you with an option to install various products from companies Oracle has partnered with. They are completely optional and NOT part of the update.
Looking for great gifts under $100?
Trendy tech gifts don't require a hefty price tag. Choose from these CNET-recommended useful and high-quality gadgets.