Late Monday, Oracle’s upstream swim continued with its fifth major update to Java this year for security fixes. Java 7 Update 15 provides two fixes for vulnerabilities being exploited in the wild today. Both vulnerabilities are remotely exploitable without user authentication, and both carry the highest possible CVSS (Common Vulnerability Scoring System) rating of 10.
CVE-2013-1493 was first reported to Oracle as early as Feb. 1. In its advisory, Oracle credited HP TippingPoint’s Zero Day Initiative, FireEye and iDefense for reporting the flaw.
“The company intended to include a fix for CVE-2013-1493 in the April 16, 2013 Critical Patch Update for Java SE (note that Oracle recently announced its intent to have an additional Java SE security release on this date in addition to those previously scheduled in June and October of 2013),” wrote Eric Maurice, Oracle’s director of software assurance, in a blog post. “However, in light of the reports of active exploitation of CVE-2013-1493, and in order to help maintain the security posture of all Java SE users, Oracle decided to release a fix for this vulnerability and another closely related bug as soon as possible through this Security Alert.”
Read the full story at eSecurity Planet:
Oracle Patches Java for McRat
Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals. Follow him on Twitter @TechJournalist.