{"id":11175,"date":"2013-03-05T10:37:43","date_gmt":"2013-03-05T18:37:43","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=11175"},"modified":"2016-10-06T12:29:04","modified_gmt":"2016-10-06T19:29:04","slug":"oracle-releases-java-se-7u17-and-resolves-cve-2013-1493","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/oracle-releases-java-se-7u17-and-resolves-cve-2013-1493\/","title":{"rendered":"Oracle Releases Java SE 7u17 and Resolves CVE-2013-1493"},"content":{"rendered":"

\"\"<\/a>Oracle has released<\/a> Java SE 7u17 with emergency security updates that resolves two vulnerabilities affecting Java running in web browsers. This update addresses security issues CVE-2013-1493 and CVE2013-0809, both of which are affecting Java running in web browsers. These vulnerabilities may be remotely exploitable without the need for a username or password.\u00a0\u201cBoth vulnerabilities affect the 2D component of Java SE. These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications. They also do not affect Oracle server-based software,\u201d said the company.<\/p>\n

The reported<\/a> exploitation of CVE-2013-1493 \u201cin the wild\u201d was recently received by Oracle. However, this bug\u2014a Windows backdoor Trojan\u2014was originally reported to Oracle on February 1, 2013, but it was too late to be included in the February release of the Critical Patch update for Java SE<\/a>. Due to the reports of active exploitation of CVE-2013-1493, Oracle has issued this emergency security update ahead of the company\u2019s intended April 16, 2013 Critical Patch Update for Java SE.<\/p>\n

Descriptions of the two vulnerabilities resolved in the Java SE 7u17 software update are as follows:<\/p>\n