JPCERT-AT-2013-0014
JPCERT/CC
2013-03-05
<<< JPCERT/CC Alert 2013-03-05 >>>
Critical Patch Update for Oracle Java SE, March 2013
https://www.jpcert.or.jp/english/at/2013/at130014.html
I. Overview
Multiple vulnerabilities exist in Oracle's Java SE JDK and JRE. A
remote attacker may cause Java to shut down unexpectedly or execute
arbitrary code by inducing a user to open maliciously crafted content
that exploits these vulnerabilities. For more information on the
vulnerabilities, refer to the information provided by Oracle.
According to information provided by Oracle, attacks exploiting
these vulnerabilities have been confirmed. It is recommended to update
to the latest version of the software provided by Oracle.
Oracle Security Alert for CVE-2013-1493
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html
II. Products Affected
Affected products and versions are as follows:
- Java SE JDK and JRE 7 Update 15 and earlier
- Java SE JDK and JRE 6 Update 41 and earlier
* Oracle has announced that this is the last update release for Java
SE 6. Users should update to Java SE 7.
* Some PCs may come with JRE pre-installed. Please check to see
whether JRE is installed on your PC.
III. Solution
Oracle has released an update. Please update to the latest version.
- Java SE JDK and JRE 7 Update 17
- Java SE JDK and JRE 6 Update 43
Java SE Downloads
http://www.oracle.com/technetwork/java/javase/downloads/index.html
Free Java Download (JRE 7, English)
https://java.com/en/download/index.jsp
Users of 64-bit Windows may have either or both of the 32-bit and
64-bit versions of JDK/JRE installed. Please check the version of
JDK/JRE that is installed and apply the appropriate update.
The version of Java being used can be checked at the following
page. If both the 32-bit and 64-bit versions of Java are installed,
please check each version by using a 32-bit or 64-bit browser,
respectively. (For environments that do not have Java installed, a
request to install Java may appear. If you do not require Java, do not
install it.)
Verifying Java Version
https://www.java.com/en/download/installed.jsp
* Some applications may not run after updating to the latest version
of Java. Please update after considering the effects on
applications in use.
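For checking installed versions from the command line instead of the browser page, the following added example (not part of the original alert and not Oracle or JPCERT/CC code) compares the version line printed by `java -version` against the affected and fixed versions listed in sections II and III. The function names, status labels and sample strings are assumptions made for illustration.

```python
import re

# Thresholds from sections II and III of this alert:
# family -> (last affected update, fixed update)
ALERT_THRESHOLDS = {7: (15, 17), 6: (41, 43)}

# Version line printed by `java -version`, e.g. java version "1.7.0_15"
VERSION_RE = re.compile(r'version "1\.(\d+)\.0(?:_(\d+))?')


def parse_java_version(output):
    """Return (family, update) from `java -version` text, or None."""
    m = VERSION_RE.search(output)
    if not m:
        return None
    # A release without an update suffix ("1.7.0") is treated as update 0.
    return int(m.group(1)), int(m.group(2) or 0)


def classify(output):
    """Classify one installation against the versions named in this alert."""
    parsed = parse_java_version(output)
    if parsed is None:
        return "unknown"
    family, update = parsed
    if family not in ALERT_THRESHOLDS:
        return "not-listed"        # alert only names Java SE 6 and 7
    last_affected, fixed = ALERT_THRESHOLDS[family]
    if update <= last_affected:
        return "affected"
    if update >= fixed:
        return "updated"
    return "check-manually"        # between thresholds; alert is silent


def audit(installs):
    """Map each labelled installation to its status."""
    return {label: classify(text) for label, text in installs.items()}


# Constructed sample: a 64-bit Windows host with both JREs installed,
# where only the 64-bit one has been updated.
SAMPLE = {
    "32-bit JRE": 'java version "1.7.0_15"',
    "64-bit JRE": 'java version "1.7.0_17"',
}

if __name__ == "__main__":
    for label, status in audit(SAMPLE).items():
        print(f"{label}: {status}")
```

Note that `java -version` writes to standard error, so capture that stream when collecting the text from each installation.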
IV. References
Oracle
Oracle Security Alert for CVE-2013-1493
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html
Oracle
Text Form of Oracle Security Alert - CVE-2013-1493 Risk Matrices
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493verbose-1915091.html
Oracle
Security Alert CVE-2013-1493 Released
https://blogs.oracle.com/security/entry/security_alert_cve_2013_1493
Apple
About Java for Mac OS X v10.6 Update 14
https://support.apple.com/kb/HT5676
FireEye
YAJ0: Yet Another Java Zero-Day
http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html
If you have any information regarding this alert, please contact
JPCERT/CC.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/