Oracle Releases Security Update for Java SE

Oracle has released a security update for Java SE that addresses a vulnerability present in its previous versions. Oracle states that exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Oracle further states that this vulnerability only applies to Java SE running in web browsers, and is not applicable to Java deployments in servers or standalone desktop applications that load and run only trusted code. Oracle also states that this vulnerability does not affect Oracle server-based applications. Users and administrators are advised to update their versions of Java SE as early as possible.

Details of the Vulnerability

Oracle states that this vulnerability affects Java SE running in web browsers only. The vulnerability is reported to be remotely exploitable without authentication, meaning it may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to view a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user’s system.

Affected Products

The following versions of Oracle Java SE are affected. This applies to the releases for Windows, Solaris, Linux, and Mac OS X.

  • Java SE 7 Update 97
  • Java SE 8 Update 73
  • Java SE 8 Update 74

Recommended Course of Action

Due to the severity of this vulnerability and the public disclosure of technical details, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible. In this regard, the following actions are recommended.

  • Developers can download the latest release from http://www.oracle.com/technetwork/java/javase/downloads/index.html
  • Windows users running Java SE with a browser can either use Automatic Updates or download the latest release from http://java.com

More Information

Oracle’s security advisory on this update is available at http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html
