Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Java 7u5 and 6u33 released

Published: 2012-06-12
Last Updated: 2012-06-12 21:21:27 UTC
by Swa Frantzen (Version: 3)
4 comment(s)

Toby reminded us that Oracle is releasing Java 7 update 5 and Java 6 update 33 today.

Updated after Oracle released the vulnerability details.

Unfortunately it's all still made to be useless to determine what the problems are with the software and perform your own risk assessments.

Just note there are CVSS scores of 10 in there, and in the past months we saw what slacking on patching Java can do (Ref: the recent Apple Mac OS X malware), so just patch this on a rather urgent time schedule due to lack of detailed descriptions.

Update:

My words above were barely written or I got the notification of Apple that they are releasing Java for OS X 2012-004 and Java for Mac OS X 10.6 Update 9 today as well. This brings them in line with the updates to 1.6.0_33 above as well as implementing the deactivation of the Java browser plugin and Java Web Start if they remain unused for 35 days to Snow Leopard and deactivating the Java browser plugin and Java Web Start if they do not meet the criteria for minimum safe versions (on Both Lion and Snow Leopard.

--
Swa Frantzen -- Section 66

Keywords: black tuesday java
4 comment(s)
Diary Archives