Oracle has released an out-of-band emergency patch for Java to fix a flaw in the installation process on Windows platforms. The vulnerability, tracked as CVE-2016-0603, could allow attackers to trick users into visiting a malicious website and downloading files onto their system before installing Java 6, 7 or 8.
More about Java Exploit
An attacker can trick an unskilled user into opening a Java release even when the user is nowhere near the Java website. Users who have downloaded an old version of Java should discard it and replace it with an updated version. Further, anyone installing Java should download it from the official website only.
“However, Java users who have downloaded any old version of Java before 6u113, 7u97 or 8u73, should discard these old downloads and replace them with 6u113, 7u97 or 8u73 or later,” says Eric Maurice, Oracle security blogger.
Oracle has not provided much detail about this flaw, but has recommended that users ensure they are running an updated version of Java SE and that all older releases of the software are completely removed. Oracle also advised downloading Java only from the official Java.com website.
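The advice to discard old downloads can be checked mechanically against the 6u113, 7u97 and 8u73 thresholds quoted above. The script below is an added example, not code from Oracle or the original article; it assumes Oracle's usual Windows installer file naming (for example `jre-8u66-windows-i586.exe`), and the sample file names in it are constructed.

```python
import re
import sys
from pathlib import Path

# First fixed update per Java family, as quoted in the article.
FIXED_UPDATE = {6: 113, 7: 97, 8: 73}

# Assumed installer naming: jre-8u66-windows-i586.exe, jdk-7u79-windows-x64.exe,
# GA builds without an update number (jre-8-windows-x64.exe), and browser
# duplicate suffixes such as "jre-8u66-windows-i586 (1).exe".
INSTALLER_RE = re.compile(
    r"^(?:jre|jdk)-(?P<major>\d+)(?:u(?P<update>\d+))?"
    r"-windows-[\w-]+?(?: \(\d+\))?\.exe$",
    re.IGNORECASE,
)


def is_stale(filename):
    """True: older than the fixed update. False: fixed or later.
    None: not recognised as a Java 6/7/8 Windows installer."""
    m = INSTALLER_RE.match(filename)
    if not m:
        return None
    major = int(m["major"])
    update = int(m["update"] or 0)  # GA release counts as update 0
    if major not in FIXED_UPDATE:
        return None
    return update < FIXED_UPDATE[major]


def find_stale(directory):
    """Recursively list installer files under `directory` that should be discarded."""
    return sorted(p for p in Path(directory).rglob("*.exe") if is_stale(p.name))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in find_stale(sys.argv[1]):
            print(f"discard: {path}")
    else:
        # Constructed sample names, for demonstration only.
        for name in ["jre-8u66-windows-i586.exe", "jdk-7u97-windows-x64.exe",
                     "jre-6u45-windows-i586 (1).exe", "setup.exe"]:
            print(f"{name}: stale={is_stale(name)}")
```

The check relies on the file name only, so an installer that has been renamed will not be recognised and still needs manual review.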