Oracle yesterday released Security Alert CVE-2012-4681 to address three Java vulnerabilities.
“A fourth fix, a security-in-depth fix, which tightens up security in the AWT subcomponent is also included; the vulnerability involved cannot be exploited alone, but Oracle says it could be used in combination with other attacks,” The H Security reports.
“If successfully exploited, these vulnerabilities can provide a malicious attacker the ability to plant discretionary binaries onto the compromised system, e.g. the vulnerabilities can be exploited to install malware, including Trojans, onto the targeted system,” Oracle’s Eric P. Maurice wrote in a blog post.
“The Java exploit, originally used for targeted attacks, went public last week and began to spread like wildfire after it was added to the popular BlackHole crimeware kit, making it easily accessible to all types of cybercriminals,” writes Dark Reading’s Kelly Jackson Higgins.
“Users can find the update on Java.com, where it’s labelled Java 7 update 7,” writes Forbes’ Andy Greenberg. “The patch’s release comes months ahead of Oracle’s next planned patch in its cycle, which would have been in October. But perhaps responding to the security community’s warnings that users should disable Java to protect themselves, Oracle has taken the rare step of releasing its fix early.”