Java SE 6u20

Oracle Patch Ormandy’s Security Vulnerability

Jessica Thornsby

Oracle have released a patch for Java SE 6, which rectifies the vulnerability in Java Web Start.

The vulnerability was first identified by Tavis Ormandy, who filed a proof of concept earlier this week. A few days afterwards, AVG Technologies reported they had identified an attack server that was exploiting this vulnerability.

This patch, prevents a Java Network Launch Protocol file without a codebase parameter from working. It can be downloaded now.

comments powered by Disqus