JPCERT-AT-2013-0007
JPCERT/CC
2013-02-04
<<< JPCERT/CC Alert 2013-02-04 >>>
Critical Patch Update for Oracle Java SE, February 2013
https://www.jpcert.or.jp/english/at/2013/at130007.html
I. Overview
Multiple vulnerabilities exist in Oracle's Java SE JDK and JRE. A
remote attacker may cause Java to shut down unexpectedly or execute
arbitrary code by inducing a user to open maliciously crafted contents
that exploit these vulnerabilities. For more information on the
vulnerabilities, refer to the information provided by Oracle.
According to information provided by Oracle, attacks exploiting
these vulnerabilities have been confirmed. It is recommended to update
to the latest version of the software provided by Oracle.
Oracle Java SE Critical Patch Update Advisory - February 2013
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
II. Products Affected
Affected products and versions are as follows:
- Java SE JDK and JRE 7 Update 11 and earlier
- Java SE JDK and JRE 6 Update 38 and earlier
* Oracle has announced that support for Java SE 6 will end in
February 2013. Users should update to Java SE 7 prior to this date.
* Some PC's may come with JRE pre-installed. Please check to see
whether JRE is installed on your PC.
III. Solution
Oracle has released an update. Please update to the latest version.
- Java SE JDK and JRE 7 Update 13
- Java SE JDK and JRE 6 Update 39
Java SE Downloads
http://www.oracle.com/technetwork/java/javase/downloads/index.html
Free Java Download (JRE 7, English)
http://java.com/en/download/index.jsp
Users of 64bit Windows may have either or both the 32bit and 64bit
versions of JDK/JRE installed. Please check the version of JDK/JRE
that is installed and apply the appropriate update.
The version of Java being used can be checked at the following
page. If both the 32bit and 64bit versions of Java are installed,
please check the versions of Java by respectively using a 32bit or
64bit browser. (For environments that do not have Java installed, a
request to install Java may appear. If you do not require Java, do not
install it.)
Verifying Java Version
http://www.java.com/en/download/installed.jsp
* Some application may not run after updating to the latest version of Java.
Please update after taking into consideration of affects to application in
use.
IV. References
Oracle
Oracle Java SE Critical Patch Update Advisory - February 2013
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
Oracle
Text Form of Oracle Java SE Critical Patch Update - February 2013 Risk Matrices
http://www.oracle.com/technetwork/topics/security/javacpufeb2013verbose-1841196.html
Oracle
February 2013 Critical Patch Update for Java SE Released
https://blogs.oracle.com/security/entry/february_2013_critical_patch_update
Apple
About the security content of Java for Mac OS X v10.6 Update 12
http://support.apple.com/kb/HT5647
JVNTA13-010A
Vulnerability Found in Oracle Java 7
https://jvn.jp/cert/JVNTA13-010A/index.html
JVNTA13-032A
Multiple Vulnerabilities in Oracle Java 7
https://jvn.jp/cert/JVNTA13-032A/index.html
If you have any information regarding this alert, please contact
JPCERT/CC.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/
Top