December 12th, 2011 04:00

UNPATCHED - Java Update Spoofing Vulnerability

The following has been copied/pasted from http://secunia.com/advisories/47134

Description

... a [less critical] vulnerability [has been reported] in Oracle Java, which can be exploited by malicious people to conduct spoofing attacks.

The vulnerability is caused due to the "Java Update" mechanism insecurely validating new updates and can be exploited to e.g. spoof an update via Man-in-the-Middle (MitM) attacks.

This is related to vulnerability #12:
http://secunia.com/advisories/32991/

The vulnerability is reported in versions 1.6.0.28 and prior.

Solution
Do not use the "Java Update" utility.

EDIT: Lest there be any confusion, this post is a suggestion that Java not be updated by using its update utility. But if Java needs updating, you can still go to the Java website, and directly download the program from there.

December 12th, 2011 15:00

I see that the Java 6 series has just released update 30.   Perhaps this corrects the vulnerability cited above???

Alternatively, users of Java 6 might consider upgrading to Java 7...
