Security flaw resolved in versions of Java 7u7 and 6u35

Security Alert for CVE-2012-4681 Released

Oracle has just released Security Alert CVE-2012-4681 to address 3 distinct but related vulnerabilities and one security-in-depth issue affecting Java running in desktop browsers. These vulnerabilities are: CVE-2012-4681, CVE-2012-1682, CVE-2012-3136, and CVE-2012-0547. These vulnerabilities are not applicable to standalone Java desktop applications or Java running on servers, i.e. these vulnerabilities do not affect any Oracle server based software.

Apparently, Oracle knew about the problem for months, and did nothing to resolve it. Who says researchers are security Security Explorations, have warned that indicate the company several months ago.

 The Venturebeat says that the security company has released a list of all the vulnerabilities of the code and sent to Oracle in April. In response, Oracle said it had received the report and that the update should be released in June. However, continue to investigate other problems until August.


To check the version you have installed should re-enable Java in the browser, if the disabled are as indicated, and access Java test page.

Due to the high severity of these vulnerabilities, Oracle recommends that customers apply this Security Alert as soon as possible. Furthermore, note that the technical details of these vulnerabilities are widely available on the Internet and Oracle has received external reports that these vulnerabilities are being actively exploited in the wild.

• Developers should download the latest release at http://www.oracle.com/technetwork/java/javase/downloads/index.html
• Java users should download the latest release of JRE at http://java.com, and of course
• Windows users can take advantage of the Java Automatic Update to get the latest release.

For more information:

• The Advisory for Security Alert CVE-2012-4681 is located at http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
• Users can verify that they’re running the most recent version of Java by visiting: http://java.com/en/download/installed.jsp
• Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml

 
I recommend you uninstall all previous versions of Java (JRE and JDK), and install the new versions.

Source: https://blogs.oracle.com/security/entry/security_alert_for_cve_20121