Oracle heeft eerder dan oorspronkelijk bedoeld een update voor versie 7.0 voor zowel de developmentkit als de runtime-environment van Java Standard Edition uitgebracht. Deze update stond voor 19 februari op de planning, maar enkele van de beveiligingsproblemen die hiermee worden gedicht worden al actief misbruikt. Meer informatie over de beveiligingsproblemen kunnen op onze eigen voorpagina en in onderstaand security-bulletin worden gevonden.
February 2013 Critical Patch Update for Java SE Released
Oracle just released the February 2013 Critical Patch Update for Java SE. The original Critical Patch Update for Java SE was scheduled on February 19th, but Oracle decided to accelerate the release of this Critical Patch Update because active exploitation “in the wild” of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers, was addressed with this Critical Patch Update.
In addition to a number of security in-depth fixes, the February 2013 Critical Patch Update for Java SE contains fixes for 50 security vulnerabilities. 44 of these vulnerabilities only affect client deployment of Java (e.g., Java in Internet browsers). In other words, these vulnerabilities can only be exploited on desktops through Java Web Start applications or Java applets. In addition, one vulnerability affects the installation process of client deployment of Java (i.e. installation of the Java Runtime Environment on desktops). Note also that this Critical Patch Update includes the fixes that were previously released through Security Alert CVE-2013-0422.
For more information: