Malaysian Computer Emergency Response Team

Services

Advisories Cyber999 Help Centre Malware Research Centre Incident Statistics

MyCERT Statistic

Reported Incidents based on General Incident Classification Statistics 2013

Help Centre

Reporting Channels

Definitions of Incidents

Cyber999 - Service Level Agreement

MyCERT Advisories

MyCERT Advisories, Alerts and Summaries for the year 2012

MA-317.062012 : MyCERT Alert - Oracle Java SE Critical Patch Update Advisory - June 2012

Date first published: 2012-06-13

1.0 Introduction

Multiple critical vulnerabilities have been identified in Oracle Java SE and a collection of patches has been released to address these issues.

2.0 Impact

This Critical Patch Update contains 14 new security fixes for Oracle Java SE. 12 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

3.0 Affected Products

JDK and JRE 7 Update 4 and earlier
JDK and JRE 6 Update 32 and earlier
JDK and JRE 5.0 Update 35 and earlier
SDK and JRE 1.4.2_37 and earlier
JavaFX 2.1 and earlier

4.0 Recommendation

Oracle has released a security update for these issues. Users are highly encouraged to download the most recent release to address these vulnerabilities. Update can be obtained from:

Oracle Java SE Critical Patch Update June 2012 : https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1461813.1
Developers can download the latest release from : http://www.oracle.com/technetwork/java/javase/downloads/index.html
Users running Java SE with a browser can download the latest release from http://java.com . Users on the Windows platform can also use automatic updates to get the latest release.
Developers and users can download the latest Java FX release from http://www.oracle.com/technetwork/java/javafx/

Generally, MyCERT advises the users of this product to be updated with the latest security announcements by the vendor. MyCERT can be reached through the following channels:

E-mail : cyber999@cybersecurity.my or mycert@mycert.org.my
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: http://www.mycert.org.my

5.0 References

i. http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html