Oracle issues emergency Java patch for bug leading to system hijack

Oracle has released an emergency patch for Java which fixes a critical bug leading to remote code execution without the need for user credentials.

In a security alert posted Thursday, the tech giant said the flaw, CVE-2016-0636, is rather potent -- having achieved a rating of 9.3 through the Common Vulnerability Scoring System.

The bug is considered so severe as the flaw "can impact the availability, integrity, and confidentiality of the user's system."

If a user running an unpatched version of Java in either their browser or desktop, a single visit to a malicious page can lead to the remote exploitation of their system -- without any authentication details such as usernames or passwords.

Oracle Java SE 7 Update 97, and 8 Update 73 and 74 for Windows, Solaris, Linux, and Mac OS X are affected. However, Java deployments in servers or standalone desktop applications -- which only run trusted code -- are not thought to be at risk.

Users should update their systems as soon as possible, since the severity of the flaw has forced Oracle to issue an out-of-schedule patch. You can download the fix here or accept automatic updates.

Last month, Oracle released a security patch for Java resolving CVE-2016-0603, which permitted attackers to fully compromise Windows machines.

Top gadgets and apps to protect your mobile devices

Read on: Top picks

• How to increase your Bitcoin mining profit by 30 percent with less effort
• SMS Android malware roots and hijacks your device - unless you are Russian
• Bug bounties: Which companies offer researchers cash?
• Shodan: The IoT search engine privacy messenger
• What happens when you leak stolen bank data to the Dark Web?