===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2012.0120
             Oracle releases Security Alert for CVE-2012-4681
                              31 August 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              JDK and JRE 7 Update 6 and earlier
                      JDK and JRE 6 Update 34 and earlier
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
                      Mobile Device
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2012-4681 CVE-2012-3136 CVE-2012-1682
                      CVE-2012-0547
Member content until: Sunday, September 30 2012
Reference:            ESB-2012.0819

Comment: Exploits of these vulnerabilities are currently being widely used
         in malware kits and the details of the vulnerabilities are
         publicly documented and freely available.

OVERVIEW

        Oracle have released Security Alert for CVE-2012-4681 which corrects
        this vulnerability and three others in Oracle Java SE. Many of these
        vulnerabilities are being actively exploited. [1]

IMPACT

        Oracle has published updates for the Oracle Java SE product group.
        The exploitable vulnerabilities apply to client deployment of Java.
        The vulnerabilities can be exploited through untrusted Java Web Start
        applications and untrusted Java applets with the privilege of the
        currently logged in user. This may include administrative privileges,
        as is typical in Windows XP. [1]

MITIGATION

        Due to the high severity of these vulnerabilities, Oracle strongly
        recommends that customers apply this Security Alert as soon as
        possible.

REFERENCES

        [1] Oracle Security Alert for CVE-2012-4681
            http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.
However, the decision to use the information described is the
responsibility of each user or organisation. The decision to follow or
act on information or advice contained in this security bulletin is the
responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following
or acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business
                hours which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
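An added example, not part of the AusCERT bulletin or Oracle's alert: a Python check that classifies `java -version` strings against the affected ranges in the Product field above, for triaging an endpoint inventory. The host names and version strings are constructed sample data, and the code assumes the legacy `1.<family>.0_<update>` version format.

```python
import re

# Affected ranges from the bulletin's Product field:
# Java family -> highest affected update ("Update N and earlier").
AFFECTED_MAX_UPDATE = {7: 6, 6: 34}

# Legacy Java SE version string, e.g. 1.7.0_06 or 1.6.0 (no update suffix).
# The lookbehind stops a match starting in the middle of another number.
_VERSION_RE = re.compile(r"(?<![\d.])1\.(\d+)\.0(?:_(\d+))?")


def parse_java_version(text):
    """Return (family, update) from `java -version` output, or None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    # A missing "_NN" suffix means the initial release, i.e. update 0.
    return int(m.group(1)), int(m.group(2) or 0)


def classify(text):
    """Classify a version string against the bulletin's affected ranges."""
    parsed = parse_java_version(text)
    if parsed is None:
        return "unparsed"          # needs manual review, not a clean bill
    family, update = parsed
    limit = AFFECTED_MAX_UPDATE.get(family)
    if limit is None:
        return "not-listed"        # family not covered by this bulletin
    return "affected" if update <= limit else "not-affected"


def affected_hosts(inventory):
    """Return the sorted host names whose reported version is affected."""
    return sorted(h for h, v in inventory.items() if classify(v) == "affected")


# Constructed sample inventory: host -> first line of `java -version` output.
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.7.0_06"',
    "ws-02": 'java version "1.6.0_34"',
    "ws-03": 'java version "1.7.0_99"',  # constructed update above the range
    "ws-04": 'java version "1.6.0"',
    "ws-05": 'java version "1.5.0_22"',
    "ws-06": "java: command not found",
}

if __name__ == "__main__":
    for host, version in sorted(SAMPLE_INVENTORY.items()):
        print(f"{host}: {classify(version)}")
```

Hosts reported as `unparsed` or `not-listed` are outside what the bulletin states and should be reviewed separately rather than treated as safe.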