
(UPDATED 1/14) Java 7 Zero Day Vulnerability

STEAM-ADVISORY NO. 2013011101

PURDUE UNIVERSITY SECURITY TEAM CIRT

Friday, January 11 17:00:00 EDT  2012

 

== UPDATE January 14th, 2013 ==

Oracle released an update (Java Version 7 Update 11) to fix this vulnerability. If you are using the Java auto-update tool, you should receive a message asking you to install the new version. Otherwise, please download and install the new update manually.
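One way to confirm that a machine has reached Update 11 is to classify the banner printed by `java -version`. This is an added example, not part of the original advisory; the function names, status strings and sample banners are constructed for illustration.

```python
import re
import subprocess

FIXED_UPDATE = 11  # Java 7 Update 11, the fix named in this advisory

# Matches the quoted version in a `java -version` banner, e.g. "1.7.0_10"
VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def classify(version_output):
    """Return a status string for the text printed by `java -version`."""
    m = VERSION_RE.search(version_output)
    if not m:
        return "unknown"
    major, minor = int(m.group(1)), int(m.group(2))
    update = int(m.group(4) or 0)  # "1.7.0" with no suffix is update 0
    if (major, minor) != (1, 7):
        return "not-java7"  # outside the scope of this advisory
    return "patched" if update >= FIXED_UPDATE else "vulnerable"


def local_status():
    """Classify the `java` binary found on PATH, if there is one."""
    try:
        # `java -version` writes its banner to stderr, not stdout
        proc = subprocess.run(["java", "-version"],
                              capture_output=True, text=True)
    except FileNotFoundError:
        return "java-not-found"
    return classify(proc.stderr + proc.stdout)


# Constructed sample banners, so the logic can be checked without Java installed
SAMPLES = [
    'java version "1.7.0_10"',
    'java version "1.7.0"',
    'java version "1.7.0_11"',
    'java version "1.6.0_38"',
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(banner, "->", classify(banner))
    print("this host ->", local_status())
```

This checks only the `java` on PATH. A machine can have more than one Java installation, so the Java used by the browser should be verified separately.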

==OVERVIEW==

 On January 10, 2013, security researchers reported an unpatched vulnerability in Oracle Java 1.7u10.

 

==SYSTEMS AFFECTED==

 Any system running Oracle Java 7 (1.7.x)

 

==DETAILS==

Browsing the web with a vulnerable version of Java installed and enabled means that simply visiting a website is enough for an attacker to compromise your computer.

While "safe browsing" to only trusted websites may limit your exposure to drive-by downloads, it does not address the underlying vulnerability or prevent exploitation.

The malicious software installed through these attacks may collect usernames and passwords used on the compromised computer, including credentials for sensitive websites, bank accounts, email, etc.

 

==SOLUTIONS==

Until a patch has been released, disabling Java is the only workaround. (Note: This workaround may prevent certain websites from working correctly, and must be considered in relation to any enterprise applications that may depend on Java.)

Browsing only trusted sites will help reduce the risk, but will not eliminate it.

 

==FURTHER INFORMATION AND RESOURCES==

https: / / secunia.com/advisories/51820/

(remove spaces from links)

 

==STEAM-CIRT CONTACT INFORMATION==

For questions concerning this advisory, please send email to:

 itap-securityhelp@purdue.edu

 

Report computer-related abuse to steam-cirt:

http://w w w .purdue.edu/securePurdue/incidentReportForm.cfm

http://w w w .purdue.edu/securepurdue/steam

(remove spaces from links)

Posted by Curt Jansen on January 11, 2013, in Advisory Alerts.