ID: IRCNE2011121329
Date: 2011-12-03
According to "cnet", There is a rather serious vulnerability in Java version 1.6.0_26 that is apparently being actively pursued by hackers, one that is easy to implement and allows hackers to compromise systems without being detected.
The exploit was found a couple of months ago and was addressed in the latest round of Java updates both from Oracle and from Apple for OS X users; however, many people have not yet updated their systems and hackers are working to take advantage of this flaw on these systems.
The vulnerability allows a maliciously crafted Java applet to run undetected on many browsers and allows code to execute outside of the Java sandbox with the privileges of the current user.
Security community Metasploit took a recent look at this vulnerability, and found that the exploit is run completely and successfully on all systems running Java prior to version 1.6.0_29-b11, including Windows XP, Windows 7, Ubuntu Linux, and Apple's OS X.
This is a serious issue, but luckily the last update to Java distributed by Oracle, Apple, and other companies for their operating systems includes a fix for this problem. If you keep your system fully updated and if applied the Java patch when it was released then you have nothing to worry about.
The latest Java update is available via software update tools, so be sure to run them on your system. However, you can also download the updates directly from sites like Apple's Java Update 6 for Mac OS X 10.6, and the Java Update 1 for OS X 10.7. Non-Mac users can download the update directly from Oracle.
- 2