Where's James Gosling when you need him? It's been a bumpy road for Oracle since they acquired Java, but today Oracle has just released Security Alert CVE-2012-0422 to address two vulnerabilities affecting Java in web browsers.
Those using Java on the client side, should grab it ASAP.
These vulnerabilities do not affect Java on servers, Java desktop applications, or embedded Java. The vulnerabilities addressed with this Security Alert are CVE-2013-0422 and CVE-2012-3174. These vulnerabilities, which only affect Oracle Java 7 versions, are both remotely exploitable without authentication and have received a CVSS Base Score of 10.0. Oracle recommends that this Security Alert be applied as soon as possible because these issues may be exploited "in the wild" and some exploits are available in various hacking tools.
The exploit conditions for these vulnerabilities are the same. To be successfully exploited, an attacker needs to trick an unsuspecting user into browsing a malicious website. The execution of the malicious applet within the browser of the unsuspecting users then allows the attacker to execute arbitrary code in the vulnerable system. These vulnerabilities are applicable only to Java in web browsers because they are exploitable through malicious browser applets.
With this Security Alert, and in addition to the fixes for CVE-2013-0422 and CVE-2012-3174, Oracle is switching Java security settings to "high" by default. The high security setting requires users to expressly authorize the execution of applets which are either unsigned or are self-signed. As a result, unsuspecting users visiting malicious web sites will be notified before an applet is run and will gain the ability to deny the execution of the potentially malicious applet. Note also that Java SE 7 Update 10 introduced the ability for users to easily disable Java in their browsers through the Java Control Panel.
Netflix Orders Second Season of Gothic Thriller HEMLOCK GROVE
Shailene Woodley Cut from AMAZING SPIDER-MAN 2; Marc Webb to Recast Mary Jane?
Domenico Dolce and Stefano Gabbana Sentenced to 20 Months in Prison for Tax Evasion
BWW CD Reviews: Andrea McArdle's 70'S AND SUNNY - LIVE AT 54 BELOW is a Fabulous Throwback to the 70s
BREAKING NEWS: It's Finally Official! MISS SAIGON to Return to West End in May 2014 at Prince Edward Theatre!
STAGE TUBE: First Look at Highlights of BECOMING TRAVIATA Starring Natalie Dessay
BWW Blog: Claire van Bever - The Auditions Tips You HAVEN'T Heard
A DANCER'S DREAM: TWO WORKS BY STRAVINSKY to be Distributed to Worldwide Cinemas, Sept 2013