+ Post New Thread
Results 1 to 10 of 10
Downloads Thread, Java 7 Update 17 in Links, Downloads and Scripts; Well, we all knew it was coming. Security Alert CVE-2013-1493 - update here . This Security Alert contains 2 new ...
  1. #1

    Join Date
    Dec 2007
    Location
    Potomac, MD, USA
    Posts
    60
    Thank Post
    10
    Thanked 24 Times in 12 Posts
    Rep Power
    54

    Java 7 Update 17

    Well, we all knew it was coming.

    Security Alert CVE-2013-1493 - update here.

    This Security Alert contains 2 new security fixes for Oracle Java SE. Both of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
    By my count that's the 4th one this year. I have a tenner that says we'll make 5 by Easter.

  2. #2

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,657
    Thank Post
    657
    Thanked 1,624 Times in 1,453 Posts
    Rep Power
    422
    I've given up with Java

    Ben

  3. #3

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,223
    Thank Post
    874
    Thanked 2,717 Times in 2,302 Posts
    Blog Entries
    11
    Rep Power
    780
    Just came here to post a rant about this, if only I could get rid of it my days could be filled with betterment rather than fighting with the primative sack of ...

  4. #4

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    6,007
    Thank Post
    679
    Thanked 1,396 Times in 1,156 Posts
    Rep Power
    353
    Quote Originally Posted by plexer View Post
    I've given up with Java

    Ben
    At least they are admitting the problem now:
    JAVA Security Update.png

  5. 2 Thanks to vikpaw:

    BarryBKS (5th March 2013), themightymrp (5th March 2013)

  6. #5
    free780's Avatar
    Join Date
    Sep 2012
    Posts
    1,008
    Thank Post
    42
    Thanked 83 Times in 79 Posts
    Rep Power
    22
    Id really like to whitelist java to only the local intranet. Any ideas? The best i can do is get IE to prompt with the yellow bar for non approved domains.

  7. #6

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,212 Times in 761 Posts
    Rep Power
    394
    You could configure a deployment.properties file with bogus proxy settings, that way it wouldn't connect to anything outside your network.

  8. #7


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,006
    Thank Post
    230
    Thanked 2,693 Times in 1,988 Posts
    Rep Power
    791
    Quote Originally Posted by vikpaw View Post
    At least they are admitting the problem now:
    Only 2.85 billion devices at risk now!!!

    Java-based attacks remain at large, researchers say « ZDNet

    The researchers found that the latest version of Java, version 1.7.17, is only in use by a dismal five percent of users, and many versions are months or years out of date — just begging to be exploited.



    The most widely-detected version of Java currently in use is version 1.6.16. Over 75 percent of browsers are using Java versions which are at least 6 months old, whereas nearly two-thirds are a year out of date, and 50 percent of Java versions in use are over two years behind the times in respect to Java vulnerabilities.

    All in all, the researchers say that the vulnerable population of browsers is pegged at a staggering 93.77 percent.

  9. #8


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,619
    Thank Post
    229
    Thanked 860 Times in 738 Posts
    Rep Power
    297
    Quote Originally Posted by Arthur View Post
    Only 2.85 billion devices at risk now!!!

    Java-based attacks remain at large, researchers say « ZDNet
    what do they expect when by the time youve found theres an update and tested it theres another one. they would do better actually testing it then releasing updates every few months not days same as flash

  10. #9

    Join Date
    Dec 2007
    Location
    Potomac, MD, USA
    Posts
    60
    Thank Post
    10
    Thanked 24 Times in 12 Posts
    Rep Power
    54
    Well, I would have lost my tenner, but I was close: another Java 7 update is due out on Tuesday.

    Ars Technica are reporting that it is Java 7 Update 21, but don't explain what happened to update 18, 19 and 20 (update 17 is the latest one available for download). So technically maybe I was right? Who even knows any more.

  11. #10


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,006
    Thank Post
    230
    Thanked 2,693 Times in 1,988 Posts
    Rep Power
    791
    Quote Originally Posted by JSchlackman View Post
    another Java 7 update is due out on Tuesday
    A few more dates for your diary...

    For Oracle Java SE Critical Patch Updates, the next scheduled dates are:

    16 April 2013
    18 June 2013
    15 October 2013
    14 January 2014

SHARE:
+ Post New Thread

Similar Threads

  1. java updates
    By MattDLEA in forum Network and Classroom Management
    Replies: 1
    Last Post: 31st October 2011, 11:59 AM
  2. java update sched delete
    By denon101 in forum Windows
    Replies: 2
    Last Post: 30th March 2010, 06:15 PM
  3. Java Update 1.6.10 - Beware jqs.exe
    By Mr.Ben in forum Educational Software
    Replies: 2
    Last Post: 9th December 2008, 11:16 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •