Newest Java Addresses Binary Planting Vulnerability
Last updated on: September 6, 2020
Oracle published a new version of Java 8, 7 and 6 to address a vulnerability in the installer. CVE-2016-0603 addresses a flaw where the attacker would seed the system with malicious DLLs that the installer would use instead of the DLLs included in the package itself. This type of vulnerability is generally known as binary planting.
As Oracle points out existing installations are not at risk. New installations should use the latest fixed packages to address the case where an end user might have visited a malicious site which could have prepared the machine for the attack by downloading altered versions of one of the DLLs involved. Fixed versions of Java are 6 update 113, 7 update 97 and 8 update 73.
I’ve read some articles about this and you have just confirmed that this is really happening. What are the impacts of those malicious DLLS to the installer? How dangerous can this be to a computer user?
By the way, thank you for the information. I hope the community can learn more about this, and they should update their software version as soon as possible.