Oracle has released the next batch of updates for Java

    At the end of last week, the Facebook administration announcedthat laptops of some company employees were infected with malicious code. During the investigation of the incident, it turned out that the infection occurred through a website dedicated to the development for mobile devices, which was compromised by malicious content. When visiting this site, users were redirected to a set of exploits that installed malware on computers that were vulnerable to exploits. The Facebook security team notes that employee laptops were compromised using Java vulnerability that was not open at the time. The company emphasizes that they have no reason to believe that the attackers managed to steal any information about social network accounts or other personal information of users.



    Facebook says that after the discovery of this Java 0day, they reported to Oracle about the vulnerability found and on February 1, Oracle released a fix pack for Java number 13, 7u13 , which also covered this vulnerability.

    Such attacks were called “watering hole” or, literally, “watering hole”. In this scheme, attackers compromise a website that is visited by a large number of people. As a result, the range of users that may be vulnerable to a set of exploits, by which malicious code is delivered to vulnerable computers, is expanding significantly.

    Reuters News Released Yesterdaythat some Apple employees suffered a similar attack. Malicious code on their poppies was installed through a website that was compromised by malicious content. A set of exploits and a vulnerability in the Java browser plug-in were also used to install malware.

    Some time after this announcement from Apple, Oracle announced the release of the next set of fixes. This set includes fixes from the previous series of updates (from February 1 to February 1), plus 5 new fixes. So the current version of Java is 7u15 .

    Note: This Critical Patch Update includes all fixes provided in the Oracle Java SE Critical Patch Update February 2013, distributed on February 1, 2013, plus an additional five fixes which had been previously planned for delivery. This distribution therefore completes the content for all originally planned fixes to be included in the Java SE Critical Patch Update for February 2013. Note also that Oracle has scheduled a Java SE Critical Patch Update for April 16, 2013, in addition to those previously scheduled in June and October of 2013 and in January of 2014. This additional distribution will be used to further accelerate Java security fixes to Java users.

    The Java 7u15 distribution is available for download here .


    be secure.

    Also popular now: