“Due to the severity of these vulnerabilities, and the reported exploitation of CVE-2013-1493 ‘in the wild,’ Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.”
The vulnerability – CVE-2013-1493 – affects Java 1.6 update 41 and version 1.7 update 15, which happen to be the latest releases, and can be exploited to install a remote access trojan that has been named ‘McRat’. Once installed via a malicious web page, McRat copies itself widely on Windows systems and attempts to contact its command-and-control servers.
“These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password.”
According to Oracle, these most recent vulnerabilities only affect Java running in web browsers – server-based software, standalone and embedded applications, and Java running on servers are not at risk. If you run Java in your web browser, it may be wise to get rid of it completely. Otherwise, you can update to the latest version either via auto-update or by visiting the Java web site.
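To find which machines need the update or removal described above, the following added example (not Oracle's code) parses recorded `java -version` banners and flags the releases named in this article. It assumes the legacy `1.x.0_NN` banner format and treats earlier updates of the same family as affected too; the inventory and host names are constructed sample data.

```python
import re

# Highest affected update per family, as named in the article.
# Assumption: earlier updates of the same family are treated as affected too.
AFFECTED_MAX_UPDATE = {(1, 6): 41, (1, 7): 15}

# Legacy banner printed by `java -version`, e.g.: java version "1.7.0_15"
BANNER_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?[^"]*"')


def parse_banner(banner):
    """Return (major, minor, update) from a `java -version` banner, or None."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, _patch, update = m.groups()
    # A banner with no "_NN" suffix is the initial release, i.e. update 0.
    return int(major), int(minor), int(update or 0)


def classify(banner):
    """Classify one banner as 'affected', 'newer', 'not-listed' or 'unparsed'."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "unparsed"
    major, minor, update = parsed
    ceiling = AFFECTED_MAX_UPDATE.get((major, minor))
    if ceiling is None:
        return "not-listed"  # family the article does not mention
    return "affected" if update <= ceiling else "newer"


def affected_hosts(inventory):
    """Return hostnames whose recorded banner falls in the affected range."""
    return sorted(h for h, b in inventory.items() if classify(b) == "affected")


# Constructed inventory: hostnames and banners are sample data.
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.7.0_15"',
    "ws-02": 'java version "1.6.0_41"',
    "ws-03": 'java version "1.7.0_99"',  # constructed update number
    "ws-04": 'java version "1.7.0"',
    "ws-05": 'java version "1.5.0_22"',
    "ws-06": "command not found",
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(host, SAMPLE_INVENTORY[host])
```

The check identifies installed versions only; whether the browser plug-in is enabled on a flagged host has to be confirmed separately, and hosts reported as `unparsed` or `not-listed` need manual review.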