Oracle Rushes Emergency Java Update To Patch McRAT Vulnerabilities
msm1267 writes "Oracle has once again released an emergency Java update to patch zero-day vulnerabilities in the browser plug-in, the fifth time it has updated the platform this year. Today's update patches CVE-2013-1493 and CVE-2013-0809; the former was discovered last week being exploited in the wild for Java 6 update 41 through Java 7 update 15. The vulnerability allows for arbitrary memory execution in the Java virtual machine process; attackers exploiting the flaw were able to download the McRAT remote access Trojan."
OpenOffice won't work without Java. Maybe some day I'll be convinced that they have their stuff together again and I'll reinstall it.
Non bene pro toto libertas venditur auro
Even worse than the vulnerabilities is the _constant_ nagging for updates. Then on top of it, the way Java updates is stupid. With every update a new version is installed, and the old ones are left uninstalled. So it got uninstalled. All of it.
The language is ok, but everything else about Java just plain sucks.
I mean it's no different than me going around, running executables from random websites and then blaming Microsoft for not doing more to secure their OS.
It's entirely different, the plugin is supposed to be sandboxed.
Look me in the eye and tell me you compile everything from source, after verifying each line of code. Do you trust Mozilla? Canonical? Berkeley? What an asinine statement.
"As the intrepid kobold companion continues his journey, he begins to wonder... if priests raises dead, why anybody die?"
Obviously sometimes you have no choice but to trust someone else's code, but there is a difference between blindly trusting all code versus evaluating the source of the code and deciding whether or not there is enough good faith for the source to be trusted.
The Java Control Panel (in the Windows control panel) contains a checkbox under the Security Panel called "Enable Java content in the Browser". Uncheck this if you do not want applets to run. This selection stays persisted each time you update the JRE.
Once again,
Windows Control Panel->Java Control Panel->Security Panel. Make sure the "Enable Java content in the Browser" checkbox is unchecked.
It's a damn slap in the face. You install updates to protect yourself and you get the fucking ask.com malware as your reward.