Once again a serious security vulnerability affects the Java Oracle software, the new flaw coded as CVE-2016-0636 scored a 9.3 on the Common Vulnerability Scoring System bug severity rating.
The CVE-2016-0636 vulnerability affects Java SE running in web browsers on desktops, this means that an attacker could set up a malicious web page to remotely take over a vulnerable PC. The new vulnerability may be remotely exploitable without authentication.
“This vulnerability may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user’s system.” states the Oracle Security Alert for CVE-2016-0636.
“Oracle Java SE 7 Update 97, and 8 Update 73 and 74 for Windows, Solaris, Linux, and Mac OS X are affected.”
This vulnerability applies to Java deployments that load and run untrusted code coming from the internet. This vulnerability is not applicable to Java deployments that run only trusted code and does not affect Oracle server-based software.
Due to the high severity of this CVE-2016-0636 vulnerability and the public disclosure of technical details it is essential to upgrade the Java software as soon as possible.
“Due to the severity of this vulnerability and the public disclosure of technical details, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.” states Oracle.
Releases installed by Windows users are automatically updated, Oracle released an update version of Java, Java SE 8u77.
Security Affairs – (CVE-2016-0636 vulnerability, Java)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.