Oracle has released a patch for a bug in Java that could allow a remote attacker to gain complete control of a Windows system.
The bug, which has been assigned the designation CVE-2016-0603, affects Windows users who attempt to install older versions of Java SE 6, 7 or 8, Oracle said.
An attack would be somewhat difficult to carry out, since the vulnerability only exists during the Java SE installation process, Oracle said. An attacker would need to trick a target into downloading malicious files before they attempted to install a vulnerable version of Java SE, according to the company.
“Though relatively complex to exploit, this vulnerability may result, if successfully exploited, in a complete compromise of the unsuspecting user’s system,” Oracle said.
Users already running Java SE 6, 7 or 8 aren’t affected, but users who have previously downloaded versions prior to 6u113, 7u97 or 8u73 for later installation should discard the vulnerable software and replace it with newer versions, which include the patch, Oracle said.
Java SE Advanced Enterprise installers aren’t affected by the bug, according to the company.
Oracle has faced an uphill struggle in keeping Java secure, and last month announced it plans to eliminate the Java browser plug-in by March 2017.
The company reached a settlement with the US Federal Trade Commission in December that requires it to warn users if they’re running out-of-date versions of Java SE.
Are you a security pro? Try our quiz!
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…
Two updates to Anthropic's AI chatbot Claude sees arrival of a new business-focused plan, as…