Oracle has released the patch for the Java 0-day exploit

We wrote about the Java 0-day exploit (CVE-2012-4681) and that there was no fix available from Oracle. In the meantime, we have also added detection for the exploit in engine version 8.2.10.148 or higher. All Avira products detect this exploit as EXP/CVE-2012-4681.

Oracle has now finally released Patch 7 for the JRE and JDK.

The following versions are affected and must be upgraded to the latest version:

  • JDK and JRE 7 Update 6 and before
  • JDK and JRE 6 Update 34 and before
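To find which machines still fall in the ranges listed above, the `java -version` output collected from each host can be checked against those two thresholds. The following is an added example, not code from Avira or Oracle; it assumes the legacy `1.<family>.0_<update>` version string format, and the host names and sample outputs are constructed.

```python
import re

# Last affected update per Java family, taken from the list in the post.
LAST_AFFECTED_UPDATE = {7: 6, 6: 34}

# Legacy version strings: 1.7.0_06, 1.6.0_34-b04, or 1.7.0 (no update suffix).
VERSION_RE = re.compile(r"\b1\.(\d+)\.0(?:_(\d+))?")


def parse_java_version(text):
    """Return (family, update) found in `java -version` output, or None."""
    match = VERSION_RE.search(text)
    if match is None:
        return None
    # A missing "_NN" suffix means the initial release, i.e. update 0.
    return int(match.group(1)), int(match.group(2) or 0)


def classify(text):
    """Return 'affected', 'newer' (above the listed range) or 'unknown'."""
    parsed = parse_java_version(text)
    if parsed is None:
        return "unknown"          # Java missing or output not recognised
    family, update = parsed
    last_affected = LAST_AFFECTED_UPDATE.get(family)
    if last_affected is None:
        return "unknown"          # family is not covered by the post
    return "affected" if update <= last_affected else "newer"


def audit(inventory):
    """Map each host name to its classification."""
    return {host: classify(output) for host, output in inventory.items()}


# Constructed sample inventory: host name -> captured `java -version` output.
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.7.0_06"',
    "ws-02": 'java version "1.7.0_07"',
    "ws-03": 'java version "1.6.0_34-b04"',
    "ws-04": 'java version "1.6.0_35"',
    "ws-05": 'java version "1.7.0"',
    "ws-06": 'java version "1.5.0_22"',
    "ws-07": "'java' is not recognized as an internal or external command",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual look, since they either have no Java on the path or run a family the list above does not mention.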

It is also possible to let Java auto-update itself, but what I found out on my system is that it is set by default to update once a month:

 

In order to change these settings, go to Control Panel -> Java and start the Java applet.

You will see the dialog above and there you must click on the “Advanced” button.

I suggest changing the frequency to once a week, during business hours:

 

Currently, Oracle's update servers are overloaded because of too many concurrent connections. Please be patient and let the update complete.

 

Sorin Mustaca

Data Security Expert