/>
X

Oracle issues emergency Java patch for bug leading to system hijack

Users have been warned to patch their systems as soon as possible.
charlie-osborne.jpg
Written by Charlie Osborne, Contributor on
screen-shot-2016-03-24-at-08-44-25.jpg

Oracle has released an emergency patch for Java which fixes a critical bug leading to remote code execution without the need for user credentials.

In a security alert posted Thursday, the tech giant said the flaw, CVE-2016-0636, is rather potent -- having achieved a rating of 9.3 through the Common Vulnerability Scoring System.

The bug is considered so severe as the flaw "can impact the availability, integrity, and confidentiality of the user's system."

If a user running an unpatched version of Java in either their browser or desktop, a single visit to a malicious page can lead to the remote exploitation of their system -- without any authentication details such as usernames or passwords.

Oracle Java SE 7 Update 97, and 8 Update 73 and 74 for Windows, Solaris, Linux, and Mac OS X are affected. However, Java deployments in servers or standalone desktop applications -- which only run trusted code -- are not thought to be at risk.

Users should update their systems as soon as possible, since the severity of the flaw has forced Oracle to issue an out-of-schedule patch. You can download the fix here or accept automatic updates.

Last month, Oracle released a security patch for Java resolving CVE-2016-0603, which permitted attackers to fully compromise Windows machines.

Top gadgets and apps to protect your mobile devices

Read on: Top picks

Related

This is the ultimate security key. Here's why you need one
Yubikey 5C NFC

This is the ultimate security key. Here's why you need one

Security
Azure's capacity limitations are continuing. What can customers do?
azurecapacitylimits

Azure's capacity limitations are continuing. What can customers do?

Cloud
He flew American Airlines, she flew United. For both, the unthinkable happened
screen-shot-2022-06-30-at-10-14-36-am.png

He flew American Airlines, she flew United. For both, the unthinkable happened

Business