Short-News: Critical Oracle Java 7/8 patch for CVE-2016-0636 (remote code execution)

Oracle has released a critical patch for Java 7 and 8 that fixes CVE-2016-0636, a remote code execution vulnerability. The patch was released between two regular Oracle Java “Patch-Days”. This should be enough proof that the vulnerability is indeed critical. To quote Oracle:

“Due to the severity of this vulnerability and the public disclosure of technical details, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.” – Oracle Security Alert

The latest patches for Java 7 and 8 include the fix for this security issue. The affected versions were Oracle Java SE 7 Update 97 and Java SE 8 Update 73 and 74 for Windows, Solaris, Linux, and Mac OS X.

CVE-2016-0636 CVSS v2

Base Score: 6.8
Base Metrics: AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

Further Information

This alert has been released on our ITSEC Telegram Channel as well as the ITSEC Alert Newsletter.