Oracle issues emergency Java patch for bug leading to system hijack

Users have been warned to patch their systems as soon as possible.

Oracle has released an emergency patch for Java which fixes a critical bug leading to remote code execution without the need for user credentials.

In a security alert posted Thursday, the tech giant said the flaw, CVE-2016-0636, is rather potent -- having achieved a rating of 9.3 through the Common Vulnerability Scoring System.

The bug is considered so severe because it "can impact the availability, integrity, and confidentiality of the user's system."

If a user is running an unpatched version of Java in either their browser or desktop, a single visit to a malicious page can lead to the remote exploitation of their system -- without any authentication details such as usernames or passwords.

Oracle Java SE 7 Update 97, and 8 Update 73 and 74 for Windows, Solaris, Linux, and Mac OS X are affected. However, Java deployments in servers or standalone desktop applications -- which only run trusted code -- are not thought to be at risk.

Users should update their systems as soon as possible, since the severity of the flaw has forced Oracle to issue an out-of-schedule patch. You can download the fix here or accept automatic updates.

Last month, Oracle released a security patch for Java resolving CVE-2016-0603, which permitted attackers to fully compromise Windows machines.
