+ Post New Thread
Results 1 to 10 of 10
Downloads Thread, Java 7 Update 17 in Links, Downloads and Scripts; Well, we all knew it was coming. Security Alert CVE-2013-1493 - update here . This Security Alert contains 2 new ...
  1. #1

    Join Date
    Dec 2007
    Location
    Potomac, MD, USA
    Posts
    68
    Thank Post
    12
    Thanked 28 Times in 14 Posts
    Rep Power
    56

    Java 7 Update 17

    Well, we all knew it was coming.

    Security Alert CVE-2013-1493 - update here.

    This Security Alert contains 2 new security fixes for Oracle Java SE. Both of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
    By my count that's the 4th one this year. I have a tenner that says we'll make 5 by Easter.

  2. #2

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,689
    Thank Post
    756
    Thanked 1,715 Times in 1,526 Posts
    Rep Power
    438
    I've given up with Java

    Ben

  3. #3

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,271
    Thank Post
    884
    Thanked 2,749 Times in 2,322 Posts
    Blog Entries
    11
    Rep Power
    785
    Just came here to post a rant about this, if only I could get rid of it my days could be filled with betterment rather than fighting with the primative sack of ...

  4. #4

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,956
    Thank Post
    775
    Thanked 1,487 Times in 1,234 Posts
    Rep Power
    367
    Quote Originally Posted by plexer View Post
    I've given up with Java

    Ben
    At least they are admitting the problem now:
    JAVA Security Update.png

  5. 2 Thanks to vikpaw:

    BarryBKS (5th March 2013), themightymrp (5th March 2013)

  6. #5
    free780's Avatar
    Join Date
    Sep 2012
    Posts
    1,086
    Thank Post
    46
    Thanked 88 Times in 83 Posts
    Rep Power
    23
    Id really like to whitelist java to only the local intranet. Any ideas? The best i can do is get IE to prompt with the yellow bar for non approved domains.

  7. #6

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,214 Times in 761 Posts
    Rep Power
    395
    You could configure a deployment.properties file with bogus proxy settings, that way it wouldn't connect to anything outside your network.

  8. #7


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,792
    Thank Post
    262
    Thanked 2,964 Times in 2,179 Posts
    Rep Power
    846
    Quote Originally Posted by vikpaw View Post
    At least they are admitting the problem now:
    Only 2.85 billion devices at risk now!!!

    Java-based attacks remain at large, researchers say « ZDNet

    The researchers found that the latest version of Java, version 1.7.17, is only in use by a dismal five percent of users, and many versions are months or years out of date — just begging to be exploited.



    The most widely-detected version of Java currently in use is version 1.6.16. Over 75 percent of browsers are using Java versions which are at least 6 months old, whereas nearly two-thirds are a year out of date, and 50 percent of Java versions in use are over two years behind the times in respect to Java vulnerabilities.

    All in all, the researchers say that the vulnerable population of browsers is pegged at a staggering 93.77 percent.

  9. #8


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    7,058
    Thank Post
    232
    Thanked 924 Times in 793 Posts
    Rep Power
    308
    Quote Originally Posted by Arthur View Post
    Only 2.85 billion devices at risk now!!!

    Java-based attacks remain at large, researchers say « ZDNet
    what do they expect when by the time youve found theres an update and tested it theres another one. they would do better actually testing it then releasing updates every few months not days same as flash

  10. #9

    Join Date
    Dec 2007
    Location
    Potomac, MD, USA
    Posts
    68
    Thank Post
    12
    Thanked 28 Times in 14 Posts
    Rep Power
    56
    Well, I would have lost my tenner, but I was close: another Java 7 update is due out on Tuesday.

    Ars Technica are reporting that it is Java 7 Update 21, but don't explain what happened to update 18, 19 and 20 (update 17 is the latest one available for download). So technically maybe I was right? Who even knows any more.

  11. #10


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,792
    Thank Post
    262
    Thanked 2,964 Times in 2,179 Posts
    Rep Power
    846
    Quote Originally Posted by JSchlackman View Post
    another Java 7 update is due out on Tuesday
    A few more dates for your diary...

    For Oracle Java SE Critical Patch Updates, the next scheduled dates are:

    16 April 2013
    18 June 2013
    15 October 2013
    14 January 2014



SHARE:
+ Post New Thread

Similar Threads

  1. java updates
    By MattDLEA in forum Network and Classroom Management
    Replies: 1
    Last Post: 31st October 2011, 12:59 PM
  2. java update sched delete
    By denon101 in forum Windows
    Replies: 2
    Last Post: 30th March 2010, 07:15 PM
  3. Java Update 1.6.10 - Beware jqs.exe
    By Mr.Ben in forum Educational Software
    Replies: 2
    Last Post: 9th December 2008, 12:16 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •