We wrote about the Java 0-day exploit (CVE-2012-4681) and that there is no fix available from Oracle. In the meanwhile, we have added also detection for the exploit starting with t he engine version 18.104.22.168 or higher. All Avira products detect this exploit as EXP/CVE-2012-4681.
The following versions are affected and must be upgraded to the latest version:
- JDK and JRE 7 Update 6 and before
- JDK and JRE 6 Update 34 and before
It is also possible to let Java auto-update itself, but what I found out on my system is that it is set by default to update once a month:
In order to change these settings, go to Control Panel -> Java and start the Java applet.
You will see the dialog above and there you must click on the “Advanced” button.
I suggest to change the frequency to once a week, during business hours:
Currently the update servers of Oracle are under overloaded because of too many concurrent connections. Please be patient and let the update be performed.