Oracle has issued a security alert for a Java vulnerability that if exploited can give attackers control and access to a user’s personal information.
The vulnerability means that attackers can access a user’s data without the need for a user name or password. Reading between the lines here and it appears that victims could fall prey to attackers who could turn the user’s system into a bot for other attacks.
To be successful, the user would have to fall victim to a malware attack. It would specifically hit people who who visit a malicious web site that is designed to attack those with the Java vulnerability. Successful exploits can impact the “availability, integrity, and confidentiality of the user’s system.”
Oracle states the following:
Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2012-4681 “in the wild,” Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.
The Oracle web page has additional information for how to fix the exploit.
Of particular concern here is for enterprise users. The attack can happen over a network without the need for a user name or password. That means the network security may be unable to detect the attack, leaving users vulnerable to exploits.