Zero day exploit for version 1.7.06 of Java

On Monday, August 27, a zero day exploit was identified for version 1.7.06 of Java.  For those that don’t require it, the ideal solution would be to uninstall Java completely.  However, as I understand it, the EIS Compass application requires version 1.6.  That requires we consider the second best option which is make sure your customers are using the most current version of 1.6 (which is 34 -

http://www.oracle.com/technetwork/java/javase/downloads/jre6-downloads-1637595.html )

The version 34 should provide all the security patches that are included with 1.7 but not the vulnerable code that is unique to version 1.7.

 

For additional details see the following link -

http://isc.sans.edu/diary/Quick+Bits+about+Today+s+Java+0-Day/13984

Update August 30 3:30 p.m.

Oracle released a patch for the zero day vulnerability on August 30.

It can be downloaded from http://www.oracle.com/technetwork/java/javase/downloads/index.html

Release notes are available at – http://www.oracle.com/technetwork/java/javase/7u7-relnotes-1835816.html

Tags:

Categories: Uncategorized