Last week Oracle released its security update for June 2013, which comprises 40 security fixes, 37 of which address vulnerabilities that lead to malware execution. Among them is a fix for a vulnerability found in Javadoc.
Javadoc is a tool that generates frames for online documentation web apps. However, a flaw in how Javadoc interprets user-supplied frames leaves it vulnerable to frame injection when hosted on a web server. When output from a vulnerable version is placed in a web page, a user who clicks into the frame is sent through a malicious redirect.
The other updates address vulnerabilities in:
- JDK and JRE 7, 6 and 5.0
- JavaFX 2.2.21 and earlier
NOTE TO MIT USERS: Before installing Java updates to a computer in the MIT environment, please review this article: Which Java version should I install?