Oracle has released an emergency patch to address two critical vulnerabilities in Java 6 and Java 7, CVE-2013-0809 and CVE-2013-1493.
It was just last week that FireEye researchers advised users to disable Java browser plugins following the discovery that cybercriminals were exploiting CVE-2013-1493 to spread McRAT malware.
Oracle had intended to include a fix for the bug in the critical patch update scheduled for April 16th, but decided to release it ahead of time given the ongoing attacks. The company has been aware of the bug since February 1st, 2013.
Oracle recommends that users upgrade to the latest versions of Java, which are now Java 7 Update 17 or Java 6 Update 43 (no word on why Java 7 U16 or Java 6 U42 were skipped).
By the way, Oracle has stated that this will be the last security update for Java 6, so it’s time to update to Java 7 if you wish to continue receiving public updates and security enhancements.
Users can upgrade Java by:
- Using the built-in auto-update feature, or manually checking for updates through the Java Control Panel.
- Downloading the latest version from java.com.