RECENTLY HACKED Apple and Oracle are rolling out patches that fix zero-day flaws found in Java software running in web browsers.
The vulnerabilities, identified in bulletins CVE-2013-1493 and CVE-2013-0809, were originally uncovered by researchers at security firm FireEye, who said that their cloud security monitoring spotted online exploits in the wild targeting zero-day flaws in Oracle's Java plugin.
FireEye explained that the exploits attempted to target a remote code execution flaw and, when successful, download and execute a malware package.
Oracle issued a statement today announcing a Java update patching these vulnerabilities, called Security Alert CVE-2013-1493.
"Both vulnerabilities affect the 2D component of Java SE," Oracle explained. "These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications."
The company noted that the flaws are only present in client versions of Java, and "do not affect Oracle server-based software", so administrators will not need to update their Java servers to protect against attack.
Oracle recommends applying the patch as soon as possible. Desktop users on Windows and Linux can install the patch from java.com or through Java autoupdate, while Mac OS X users can obtain the fix through Apple's Software Update component.
Oracle hasn't been having the best time recently. This is the second time zero-day exploits have been found in its Java software in the past eight weeks.
Back in January, a zero-day exploit was discovered in the wild and security vendors advised users to disable Java support in their computers in order to stay safe.
According to Trend Micro, the flaw was being used by toolkits like the Blackhole Exploit Kit (BHEK) and the Cool Exploit Kit (CEK) to distribute ransomware, particularly Reveton variants. µ