MA-297.022012 : MyCERT Alert - Multiple Critical Vulnerabilities in Oracle Java SE

Date first published: 2012-02-15

1.0 Introduction

Multiple critical vulnerabilities have been identified in Oracle Java SE. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system. [1]

2.0 Impact

An attacker who successfully exploits these vulnerabilities, for example by tricking users into visiting a website hosting a malicious Java applet, could execute code remotely and gain the same privileges as the user.

3.0 Affected Products

- JDK and JRE 7 Update 2 and earlier
- JDK and JRE 6 Update 30 and earlier
- JDK and JRE 5.0 Update 33 and earlier
- SDK and JRE 1.4.2_35 and earlier
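
The list above can be checked against an inventory of `java -version` banners. The following is an added example, not part of the MyCERT alert; the hostnames and banners are constructed, and treating release families the alert does not name as "not listed" is an assumption of this sketch.

```python
import re

# Last affected update per release family, from "3.0 Affected Products".
# Key is the (major, minor, micro) triple of the Java version string.
LAST_AFFECTED_UPDATE = {
    (1, 7, 0): 2,    # JDK and JRE 7 Update 2 and earlier
    (1, 6, 0): 30,   # JDK and JRE 6 Update 30 and earlier
    (1, 5, 0): 33,   # JDK and JRE 5.0 Update 33 and earlier
    (1, 4, 2): 35,   # SDK and JRE 1.4.2_35 and earlier
}

# Matches the first line of `java -version`, e.g.: java version "1.6.0_30"
VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?[^"]*"')

def parse_java_version(banner):
    """Return ((major, minor, micro), update), or None if nothing matches."""
    m = VERSION_RE.search(banner)
    if m is None:
        return None
    family = tuple(int(g) for g in m.group(1, 2, 3))
    update = int(m.group(4)) if m.group(4) else 0  # GA build has no _NN suffix
    return family, update

def classify(banner):
    """Return 'affected', 'newer', or 'not listed' for one version banner."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "not listed"
    family, update = parsed
    limit = LAST_AFFECTED_UPDATE.get(family)
    if limit is None:
        return "not listed"  # family not named in the alert: review manually
    return "affected" if update <= limit else "newer"

# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.6.0_30"',
    "ws-02": 'java version "1.6.0_31"',
    "ws-03": 'java version "1.7.0_02"',
    "ws-04": 'java version "1.7.0"',
    "srv-01": 'java version "1.4.2_19"',
    "srv-02": 'java version "1.3.1_20"',
}

def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}
```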

4.0 Recommendation

Oracle has released a security update for these issues. Users are highly encouraged to download the most recent release of Java JDK and JRE to address these vulnerabilities. Updates can be obtained from:

Generally, MyCERT advises users of this product to keep up to date with the latest security announcements from the vendor. Users who receive suspicious applets or URLs can forward them to MyCERT for further analysis.

MyCERT can be reached through the following channels:

E-mail : mycert@mycert.org.my
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT <EMAIL> <COMPLAINT> to 15888
Business Hours : Mon - Fri 08:30 - 17:30 MYT
Web: http://www.mycert.org.my

5.0 References

i. http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html