Oracle Releases Emergency Update To Patch McRat Vulnerability

“Due to the severity of these vulnerabilities, and the reported exploitation of CVE-2013-1493 “in the wild,” Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.”


Oracle have released an emergency patch to address the latest exploit targeting Java that was discovered a few days ago.

The vulnerability – CVE-2013-1493 – affects Java 1.6 update 41 and version 1.7 update 15, which happen to be the latest releases, and can be exploited to install a remote access trojan that has been named ‘McRat’. Once installed via a malicious web page, McRat will copy itself widely on Windows systems and will attempt to contact its command and control servers.

“These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password.”

According to Oracle, these most recent vulnerabilities only affect Java being run in web browsers – server-based software, standalone and embedded applications and Java running on servers are not at risk. For those of you who are running Java in your web browser, it may be wise to get rid of it completely. Otherwise, you can update to the latest version either via auto-update or by visiting the Java web site.


About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
