Oracle releases Java 0-day vulnerability security patch

Yesterday we highlighted the Java 7 0-day vulnerability (CVE-2012-4681), which called for immediately disabling the Java plug-in. Oracle has now addressed this vulnerability by releasing a security patch that users should install immediately.

In the past, Oracle has only released updates once every 4 months. Hence, this specific update was expected to be available to users only by October. By breaking this update cycle, Oracle has acknowledged the seriousness of this vulnerability and the risks involved.

We advise everyone to install this update immediately, as the number of related attacks has increased considerably. Several websites have already been compromised and can potentially launch malicious Java applets to infect visiting machines.

The Oracle security update can be downloaded by visiting this link. The update patches this particular 0-day vulnerability and also addresses 2 other minor vulnerabilities. Here is an image of the screen one will see and the option to select.

[Image: Java update]

Rahul Thadani



39 Comments


  1. I have recently upgraded Java… do I have to download again?

    I am in the middle of the work, so will it ask me to restart the computer once the setup is done?

    • Rahul Thadani, August 31, 2012 at 2:53 PM

      Hi Sachin,
      This is the latest security patch by Oracle. It is advisable to update as the last version had a vulnerability which is being exploited on a large scale. Yes, you will need to restart the machine whenever you carry this out.

  2. I am a Total Security user… I read the post… my PC runs on Windows XP SP-2 2001 Build… I doubt it is 32-bit… and Java has not provided the above-mentioned update for 32-bit… so may I know “how to check what bit my XP is?”
    Thanks

    Amit

    • Rahul Thadani, August 31, 2012 at 2:48 PM

      Hi Amit,
      Click on ‘Start’, then click on ‘Run’, type ‘sysdm.cpl’, click OK and click on ‘General’. If your OS is 64-bit it will mention the term ‘x64’. If nothing like this is mentioned, your OS is 32-bit. Also, in the Java link provided the options that say ‘Windows x86’ are for 32-bit versions.
      Thanks.

  3. Doesn’t Quick heal protect me from that!!!!!!!!!!!!!!!!!!

    • Rahul Thadani, August 31, 2012 at 3:35 PM

      Hi Resham,
      Browser sandbox in Quick Heal 2013 protects against threats that utilize the Java vulnerability. It is advisable to update/disable the Java plug-in immediately.

  4. How can I update Java? And on which site do I do this?

  5. Ritanjali maha, August 31, 2012 at 3:42 PM

    good thing let me see

  6. Hello,
    I use OpenJDK, an open source implementation of Oracle Java for Linux platforms. Is my system vulnerable to the threat? If yes, how can my system be updated given that I don’t use the regular Oracle Java?

    • Rahul Thadani, September 3, 2012 at 11:24 AM

      Hi Alok,
      This threat may or may not affect OpenJDK. However, it is best to update all software on your machine regularly. This includes the Java implementation you have and the OS you use as well. You must also update your antivirus regularly. You can also check out the Quick Heal product for Linux OS.
      Thanks.

  7. anveshak gautam, August 31, 2012 at 4:22 PM

    Hi. I am using Quick Heal Total Security 2012. What is the Java 0-day vulnerability?

  8. Hi Rahul, there are two options available with ‘Windows x86’: online and offline. Which should I download?

    To be clear, in a layman's definition, can you explain to me how it affects the PC?

    Regards
    Karun

    • Rahul Thadani, August 31, 2012 at 5:01 PM

      Hi Karun,
      The ‘online’ version updates Java while your machine is online. The ‘offline’ version stores the installer on your machine and updates Java even when you are offline. The online version is smaller and quicker, but you can pick any option you like.

  9. Dear Rahul,
    After clicking the required link for JRE Download, we go to another page where a whole list of downloads (Linux, MacOS, Windows 64bit etc) are shown. For Home Computers, as far as I know, the 32 bit version is needed BUT this version does NOT figure in the list. So what’s to be done??? Kindly advise?

  10. I understand from your “Replies” that Windows x86 is to be downloaded BUT there’s a “Windows x86 Kernel” and there’s a “Windows x86 Online”. So ARE BOTH TO BE DOWNLOADED??? Thanks

    • Rahul Thadani, August 31, 2012 at 5:47 PM

      Hi Ashok,
      You can choose to download either one of the two Windows x86 options – online or offline.
      Thanks.

  11. Rahul,
    Now that we have downloaded/installed the Security Patch for Version 7, DO WE NEED TO GO BACK AND “CHECK” THE BOX next to “MOZILLA FAMILY/Internet Explorer” (which you had asked us to Un-check in yesterday’s alert)??? i.e. Open “CONTROL PANEL”> Click “ADVANCED” > Expand “Default Java for Browsers” and re-check

    • Rahul Thadani, September 1, 2012 at 10:16 AM

      Hi Ashok,
      Yes, if you have downloaded the Java patch you can reactivate the Java plug-in. But you can also take a call about whether you need Java on your machine or not.
      Thanks.

  12. Noebert Almeida, August 31, 2012 at 6:14 PM

    Does one need to uninstall the previous updates of Java and then install the new update?

  13. After installing this patch, do I have to manually enable the Java plug-in?

  14. Sir,
    I have some issues about this matter…..i have some snapshots of issue which i want to show you so can you please reply me at my email address Cool_raj_ranchi@yahoo.in

    Waiting

  15. Hi Rahul. I am using Windows 7 OS. How can I know whether my system is 32-bit
    or 64-bit? And I am a Quick Heal user. Can I use this software? Please reply.

    • Rahul Thadani, September 1, 2012 at 12:28 PM

      Hi Asmit,
      Go to the Start menu. Right-click on My Computer and then click on Properties. The system information shown there will tell you if your OS is 32-bit or 64-bit. This method is applicable for Windows 7 and Windows Vista.
      Thanks.

  16. I have Windows 7 Ultimate OS (32 bit) and Java 7.0.60.24 and update till 7u6. I followed the link and went to the Oracle site and was left confused as to which one to download for the security patch. Can you help me?

  17. Hi, I am Prashant. Nice antivirus, Quick Heal…

  18. I am a Quick Heal user. Even so, do I need the Java update?

    • Rahul Thadani, September 1, 2012 at 5:59 PM

      Hi Manoj,
      Yes you will need to update the Java plug-in. The browser sandbox feature in Quick Heal 2013 will ensure protection but it is better to protect yourself against such threats.

  19. After updating, can we enable the Java plug-in?

  20. Noebert Almeida, September 2, 2012 at 10:09 PM

    After reading an article in PC World, i.e. the following link: https://www.pcworld.com/article/261788/researchers_find_critical_vulnerability_in_java_7_patch_hours_after_release.html
    is it still safe to enable the Java plug-in again?

    • Rahul Thadani, September 3, 2012 at 10:59 AM

      Hi Noebert,
      As of now it is safe to enable Java plug-ins. But you might want to reconsider whether you need Java on your machine or not. You can try browsing without it for a few days and see if it is really necessary.
      Thanks.

  21. swapnil gurjar, October 10, 2012 at 9:44 AM

    Hi, Rahul,

    I am working as a system admin in an IT co. I want to buy Quick Heal Total Security for my co. I would like to know whether this product supports Oracle 10g or not.
