Oracle has announced a Critical Patch Update to Java which will be released today (Tuesday 18 June 2013). This patch pack addresses 40 different vulnerabilities affecting all update levels of Java SE 5, 6 and 7 and all versions of JavaFX.
37 of these vulnerabilities are exploitable remotely without a username or password.
ITC recommend that you take Oracle’s advice and patch your systems as soon as possible:
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
Most Java-enabled browsers are vulnerable to a wide array of issues, and Java is a very common vector for infecting machines via compromised websites. Sometimes these websites have been compromised automatically by a bot that scans for and infects vulnerable sites; at other times the site is deliberately targeted in order to catch a small number of flies, or even a single fly. That could be you.
One example of a targeted infection is the compromise of websites advertising local amenities or accommodation near the target company's head office or satellite offices. A single user within the target company browses the site, becomes infected and the game begins.
If you would like to discuss Java vulnerabilities or any other information security issues, please get in touch with ITC.