Pierluigi Paganini
March 24, 2016
Once again a serious security vulnerability affects the Java Oracle software, the new flaw coded as CVE-2016-0636 scored a 9.3 on the Common Vulnerability Scoring System bug severity rating.
The CVE-2016-0636 vulnerability affects Java SE running in web browsers on desktops, this means that an attacker could set up a malicious web page to remotely take over a vulnerable PC. The new vulnerability may be remotely exploitable without authentication.
“This vulnerability may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user’s system.” states the Oracle Security Alert for CVE-2016-0636.
“Oracle Java SE 7 Update 97, and 8 Update 73 and 74 for Windows, Solaris, Linux, and Mac OS X are affected.”
This vulnerability applies to Java deployments that load and run untrusted code coming from the internet. This vulnerability is not applicable to Java deployments that run only trusted code and does not affect Oracle server-based software.
Due to the high severity of this CVE-2016-0636 vulnerability and the public disclosure of technical details it is essential to upgrade the Java software as soon as possible.
“Due to the severity of this vulnerability and the public disclosure of technical details, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.” states Oracle.
Releases installed by Windows users are automatically updated, Oracle released an update version of Java, Java SE 8u77.
Security Affairs – (CVE-2016-0636 vulnerability, Java)
