Warning that technical details regarding exploitation of the vulnerability have already been released, Oracle has issued a critical security alert to all Java users. 'Due to the severity of this vulnerability and the public disclosure of technical details,' the company warned, 'Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.'Source: Bit Tech
While the attack is cross-platform, there is one small mitigation: deployments of Java on embedded devices and server environments are typically configured to run only trusted code, meaning that they are not at risk of running remotely-supplied and unauthenticated code even if the vulnerability is successfully exploited.
There's yet another critical bug in Java
Posted on Thursday, March 24 2016 @ 13:36 CET by Thomas De Maesschalck