The US-based software maker Oracle delivered an unusual out-of-band emergency patch for Java to fix a flaw in the installation process on Windows platforms.
Successful exploitation of the critical vulnerability, assigned CVE-2016-0603, could allow an attacker to trick an unsuspecting user into visiting a malicious website and downloading files to the victim’s system before installing Java 6, 7 or 8.
Although the vulnerability is considered relatively complex to exploit, a successful attack results in “complete compromise” of the target’s machine.
What You Need to Know About the Java Exploit
A successful attack requires the attacker to trick a suitably unskilled user into opening a Java release even though the user is nowhere near the Java website.
Because the flaw exists only during the installation process, users do not need to upgrade their existing Java installations to address the vulnerability.
“However, Java users who have downloaded any old version of Java before 6u113, 7u97 or 8u73, should discard these old downloads and replace them with 6u113, 7u97 or 8u73 or later,” says Eric Maurice, Oracle security blogger.
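The following is an added example, not Oracle's code or part of the original article: a small checker that flags previously downloaded Java installers older than the fixed releases named above. It assumes the files keep Oracle's usual download names (such as `jre-8u71-windows-x64.exe` or `JavaSetup8u71.exe`); the function names and sample file names are constructed for illustration.

```python
import re
from pathlib import Path

# First fixed update per Java family, as stated in the article.
FIXED_UPDATE = {6: 113, 7: 97, 8: 73}

# Assumption: installers keep Oracle's usual download names, e.g.
# jre-8u71-windows-x64.exe or JavaSetup8u71.exe. Renamed files are not matched.
INSTALLER_RE = re.compile(
    r"^(?:(?:jre|jdk)-(?P<maj1>\d+)(?:u(?P<upd1>\d+))?-windows-.*"
    r"|JavaSetup(?P<maj2>\d+)(?:u(?P<upd2>\d+))?)\.exe$",
    re.IGNORECASE,
)

def parse_installer(name):
    """Return (family, update) for a Java Windows installer name, else None."""
    m = INSTALLER_RE.match(name)
    if not m:
        return None
    family = int(m.group("maj1") or m.group("maj2"))
    update = int(m.group("upd1") or m.group("upd2") or 0)  # no "uNN" means GA build
    return family, update

def is_stale(name):
    """True if the name is a Java 6/7/8 installer older than the fixed update."""
    parsed = parse_installer(name)
    if parsed is None:
        return False
    family, update = parsed
    fixed = FIXED_UPDATE.get(family)
    return fixed is not None and update < fixed

def find_stale_installers(directory):
    """List stale installer paths directly inside `directory` (non-recursive)."""
    return sorted(p for p in Path(directory).iterdir()
                  if p.is_file() and is_stale(p.name))

if __name__ == "__main__":
    # Constructed sample names, not taken from the article.
    samples = ["jre-8u71-windows-x64.exe", "jre-8u73-windows-x64.exe",
               "jdk-7u79-windows-i586.exe", "JavaSetup8u66.exe",
               "jre-6u45-windows-i586.exe", "notes.txt"]
    for name in samples:
        print(f"{name}: {'DISCARD' if is_stale(name) else 'ok'}")
```

Point `find_stale_installers` at a user's download folder to list the files that should be deleted and re-downloaded from the official site.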
Patch Now! Java Update Released
Few details about the flaw are known yet, and Oracle has not provided any public information on the nature of the vulnerability.
However, due to the threat posed by a successful attack, we strongly recommend that customers apply the emergency patch as soon as possible.