Oracle released an unscheduled update for Java SE 6, 7 and 8 that fixes a serious vulnerability in the Windows installer (CVE-2016-0603). The vulnerability is not new; it was found by German researcher Stefan Kanthak.
The vulnerability lies in the fact that the installer loads and executes .DLL files found in its own directory, which is usually the “Downloads” folder. Kanthak says that such an attack against the Java installer would not be easy to carry out, but the result is definitely worth the effort to an attacker. First, before the victim installs Java, the attacker would have to trick them into downloading malicious .DLL files and placing them in the same directory as the installer. If this condition is met, the attacker can completely compromise the victim’s computer: as soon as the user starts the Java installation, the malicious code in the .DLL files is executed.
The researcher has previously found a similar problem in many applications, including Firefox, Google Chrome, Adobe Reader, 7Zip, WinRAR, OpenOffice, VLC Media Player, Nmap, Python, TrueCrypt and Apple iTunes. The same bug has also been found in the installers of many antivirus products, including ZoneAlarm, Emsisoft Anti-Malware, Trend Micro, ESET NOD32, Avira, Panda Security, McAfee Security, Microsoft Security Essentials, Bitdefender, Rapid7’s ScanNowUPnP, Kaspersky and F-Secure.
Oracle representatives explain that users who previously downloaded Java SE installers older than 6u113, 7u97 or 8u73 with the intention of installing them later should delete those installers and replace them with versions 6u113, 7u97 and 8u73. It is not necessary to update an already installed Java, because the attack works only during installation. Kanthak also noted that he found a similar vulnerability in the installer of Oracle VM VirtualBox (CVE-2016-0602), which the company fixed back in January of this year.
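The practical defender's check that follows from the article is twofold: no stray .DLL files should sit next to an installer in the Downloads folder, and any saved Java installer should be at or above the fixed update levels (6u113, 7u97, 8u73). The script below is an added example written for this page; it is not Oracle's or Kanthak's code. It assumes Oracle's public installer naming convention (for example `jre-8u73-windows-x64.exe`), which the article does not mention, and builds a constructed sample folder so it runs offline.

```python
"""Audit a downloads folder for the two conditions described in the article:
stray .DLL files co-located with installers, and Java SE installers older
than the fixed update levels (6u113, 7u97, 8u73)."""
import re
import tempfile
from pathlib import Path

# Update levels from the article that contain the fix for CVE-2016-0603.
FIXED_UPDATE = {6: 113, 7: 97, 8: 73}

# Assumption: Oracle's public naming scheme, e.g. jre-8u73-windows-x64.exe
# or jdk-7u97-windows-i586.exe. Not taken from the article.
JAVA_INSTALLER = re.compile(
    r"^(?:jre|jdk)-(\d)u(\d+)-windows-(?:i586|x64)\.exe$", re.IGNORECASE
)


def java_installer_is_outdated(filename):
    """Return True if the name is a Java SE 6/7/8 installer below the fixed
    update level, False if it is at or above it, None if not recognised."""
    match = JAVA_INSTALLER.match(filename)
    if not match:
        return None
    major, update = int(match.group(1)), int(match.group(2))
    fixed = FIXED_UPDATE.get(major)
    if fixed is None:
        return None
    return update < fixed


def audit_download_dir(directory):
    """Return a sorted list of findings for one directory.

    A .DLL next to any .EXE is flagged because the installer's search path
    includes its own directory; outdated Java installers are flagged because
    the article's advice is to delete and replace them."""
    directory = Path(directory)
    entries = [p for p in directory.iterdir() if p.is_file()]
    installers = [p for p in entries if p.suffix.lower() == ".exe"]
    dlls = [p for p in entries if p.suffix.lower() == ".dll"]

    findings = []
    if installers and dlls:
        for dll in dlls:
            findings.append(f"stray DLL next to installer(s): {dll.name}")
    for installer in installers:
        if java_installer_is_outdated(installer.name):
            findings.append(f"outdated Java installer, delete and replace: {installer.name}")
    return sorted(findings)


def demo():
    """Build a constructed Downloads folder and audit it. Sample file names
    are invented for illustration."""
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("jre-8u71-windows-x64.exe",   # below 8u73: flagged
                     "jdk-7u97-windows-i586.exe",  # at 7u97: fine
                     "version.dll",                # DLL beside installers: flagged
                     "notes.txt"):
            (Path(tmp) / name).write_bytes(b"")
        return audit_download_dir(tmp)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Run it against the real Downloads folder by passing the path to `audit_download_dir`; an empty result means neither condition from the article is present there.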