Oracle releases Java 0-day vulnerability security patch
Yesterday we highlighted the Java 7 0-day vulnerability (CVE-2012-4681) that necessitated immediate attention by disabling the Java plug-in. Oracle has now addressed this vulnerability by releasing a security patch that users should install on an immediate basis.
In the past, Oracle has only released updates once every 4 months. Hence it was expected that this specific update would only be available to users by October. By breaking this update cycle Oracle has acknowledged the seriousness of this vulnerability and the risks involved.
We advise everyone to immediately install this update as the number of related attacks have increased considerably. There are several websites that have already been compromised and can potentially launch malicious Java applets to infect visiting machines.
The Oracle security update can be downloaded by visiting this link. The update patches this particular 0-day vulnerability and also addresses 2 other minor vulnerabilities. Here is an image of the screen one will see and the option to select.
39 Comments
i hv recently upgraded Jave…do i have to download again?
i am in the middle of the work, so will it ask me to restart the computer once the setup is done?
Hi Sachin,
This is the latest security patch by Oracle. It is advisable to update as the last version had a vulnerability which is being exploited on a large scale. Yes, you will need to restart the machine whenever you carry this out.
I am Total Security user….i read the post…..my PC sus on Windows XP SP-2 2001 Build….i doubt it is 32bit…and Java has not provided above mentioned update for 32bit…..so may i know “how to check what bit my XP is?”
thnx
Amit
Hi Amit,
Click on ‘Start’, then click on ‘Run’, type ‘sysdm.cpl’, click OK and click on ‘General’. If your OS is 64-bit it will mention the term ‘x64’. If nothing like this is mentioned, your OS is 32-bit. Also, in the Java link provided the options that say ‘Windows x86’ are for 32-bit versions.
Thanks.
Doesn’t Quick heal protect me from that!!!!!!!!!!!!!!!!!!
Hi Resham,
Browser sandbox in Quick Heal 2013 protects against threats that utilize the Java vulnerability. It is advisable to update/disable the Java plug-in immediately.
How can i update java ? and which site i do this ?
Hi Kaushik,
Kindly click on the link that is provided towards the end of the post.
Thanks.
good thing let me see
Hello,
I use OpenJDK, an open source implementation of Oracle Java for Linux platforms. Is my system vulnerable to the threat? If yes, how can my system be updated given that I don’t use the regular Oracle Java?
Hi Alok,
This threat may or may not affect OpenJDK. However, it is best to update all software on your machine regularly. This includes the Java implementation you have and the OS you use as well. You must also update your antivirus regularly. You can also check out the Quick Heal product for Linux OS.
Thanks.
hi. i am used quick heal total security 2012. what is the java 0 day vulnerability.
Hi Anveshak,
To learn more about the Java 0-day vulnerability, kindly refer to this post – https://blogs.quickheal.com/how-to-avoid-latest-java-0-day-vulnerability/.
hi rahul there are two options available with ‘windows x86’ONLINE AND OFFLINE, WHICH SHOULD I DOWNLOAD
TO BE CLEAR IN A LAYMAN DEFINITION CAN YOU EXPLAIN ME HOW DOES IT EFFECT THE PC
REGARDS
KARUN
Hi Karun,
The ‘online’ version updates Java while your machine is online. The ‘offline’ version stores the installer on your machine and updates Java even when you are offline. The online version is smaller and quicker, but you can pick any option you like.
Dear Rahul,
After clicking the required link for JRE Download, we go to another page where a whole list of downloads (Linux, MacOS, Windows 64bit etc) are shown. For Home Computers, as far as I know, the 32 bit version is needed BUT this version does NOT figure in the list. So what’s to be done??? Kindly advise?
I understand from your “Replies” that Windows x86 is to be downloaded BUT there’s a “Windows x86 Kernel” and there’s an ” Windows x86 Online”. So ARE BOTH TO BE DOWNLOADED??? Tks
Hi Ashok,
You can choose to download either one of the two Windows x86 options – online or offline.
Thanks.
Rahul,
Now that we have downloaded/installed the Security Patch for Version 7, DO WE NEED TO GO BACK AND “CHECK” THE BOX next to “MOZILLA FAMILY/Internet Explorer” (which you had asked us to Un-check in yesterday’s alert)??? i.e. Open “CONTROL PANEL”> Click “ADVANCED” > Expand “Default Java for Browsers” and re-check
Hi Ashok,
Yes, if you have downloaded the Java patch you can reactivate the Java plug-in. But you can also take a call about whether you need Java on your machine or not.
Thanks.
Does one require to uninstall the previous updates of Java and the install the new update
Hi Noebert,
No, you do not need to uninstall the previous version. You can update it directly.
Thanks.
After installing this patch do i have to manually enable java plug in?
Yes Ankit, you will need to enable the Java plug-in manually.
Sir,
I have some issues about this matter…..i have some snapshots of issue which i want to show you so can you please reply me at my email address Cool_raj_ranchi@yahoo.in
Waiting
Hi Raj,
Kindly visit this link – https://www.quickheal.com/supp_tic.asp. You will need to enter some details about your issue and our support team will then contact you to provide assistance.
Thanks.
Hi. Rahul. I m using windows 7 OS . How can i know that my system is of 32-bit
or 64-bit . And i m a Quick heal user. Can i use this software? Plz reply.
Hi Asmit,
Go to the Start menu. Right-click on My Computer and then click on Properties. The system information shown there will tell you if your OS is 32-bit or 64-bit. This method is applicable for Windows 7 and Windows Vista.
Thanks.
I have Windows 7 Ultimate OS (32 bit) and Java 7.0.60.24 and update till 7u6. I followed the link and went to the Oracle site and was left confused as to which one to download for the security patch. Can you help me?
Hi Naresh,
Go to the link provided in the post and download the JRE option as shown in the image. After that, you can pick the Windows x86 online or offline option.
Hope this helps.
Thanks for this help. Doing it right now.
hi i prashant nice antivirus quick heal…….
i m quick heal user even though i need java update?
Hi Manoj,
Yes you will need to update the Java plug-in. The browser sandbox feature in Quick Heal 2013 will ensure protection but it is better to protect yourself against such threats.
after updating we can enable java plugin?
Hi Varun,
Yes you can enable the Java plug-in once again after installing the update.
Thanks.
After reading a article in PC World ie the following link https://www.pcworld.com/article/261788/researchers_find_critical_vulnerability_in_java_7_patch_hours_after_release.html
is it still safe to enable java plug-in again
Hi Noebert,
As of now it is safe to enable Java plug-ins. But you might want to reconsider whether you need Java on your machine or not. You can try browsing without it for a few days and see if it is really necessary.
Thanks.
Hi, Rahul,
I am working as an system admin in IT co. I want to buy quick heal total security for my co.. I would like to know whether this product supports oracle 10g or not