After several days of nothing from Oracle a new update has just been quietly posted to Java.com and Oracle’s Java page. Update 7 doesn’t include anything significant at quick glance according to the release notes however there’s been reports that the recent Java Metasploit modules don’t work anymore. Here’s a link to one of the release notes. For those that want a quick peak … see the image below. And if you look real closely waaaayyyy down at the bottom of the image you’ll see “This release contains fixes for security vulnerabilities. For more information, see Oracle Security Alert for CVE-2012-4681.”
According to this CVE in the NVD it was last updated on 8/29/2012 and the description reads, “Oracle Java 7 Update 6, and possibly other versions, allows remote attackers to execute arbitrary code via a crafted applet, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.” Well there ya go…
What do you think about Oracle being so quiet for the past few days and then just randomly releasing a patch? Let us know in the comments below. Today’s post pic is from Oracle.com. See ya!