Oracle has patched a critical vulnerability in recent Java versions that attackers could exploit to forge security certificates, digital signatures, two-factor authentication messages, and authorization credentials. The security fix was included in the April 2022 Critical Patch Update released last week.

The problem (CVE-2022-21449) exists in the way the Elliptic Curve Digital Signature Algorithm (ECDSA) is implemented in Java versions 15, 16, 17 and 18. Defenders should check which version of Java they are running and update. Java 15 and 16 are no longer supported and the issue has been fixed in Java 17.0.3 and 18.0.1.

1. Check and update: run the command java -version (or java.exe -version on Windows) to see which Java version is in use, then update any affected installation.

A manual check is worthwhile as it is possible that several Java versions are installed on the system at the same time, since there can be different versions of the Java Development Kit (JDK) and the Java Runtime Environment (JRE).
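Because several JDKs and JREs can coexist on one machine, it helps to script the check rather than eyeball one terminal. The following is an added example, not code from the original article or from Oracle: it parses the output of java -version (which the JVM prints to stderr), classifies the version against the affected range the article gives (Java 15 and 16 in full, 17 before 17.0.3, 18 before 18.0.1), and runs the check against every java binary it can find via PATH and JAVA_HOME. The sample outputs embedded at the bottom are constructed for offline testing; the binary search locations are an assumption about a typical layout.

```python
import os
import re
import shutil
import subprocess
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Matches the quoted version in lines such as:
#   openjdk version "17.0.2" 2022-01-18
#   java version "1.8.0_312"
VERSION_RE = re.compile(r'version "([0-9][^"]*)"')

# First fixed release per affected major line, per the article.
# Java 15 and 16 have no fixed release (out of support), so any 15.x/16.x counts as affected.
FIXED_IN = {17: (17, 0, 3), 18: (18, 0, 1)}
UNSUPPORTED_AFFECTED = {15, 16}


def parse_java_version(output: str) -> Optional[Version]:
    """Extract (major, minor, patch) from `java -version` output.

    Handles the modern scheme ("17.0.3"), the legacy scheme ("1.8.0_312",
    meaning Java 8), and pre-release tags such as "18-ea". Returns None
    when no version string is present.
    """
    match = VERSION_RE.search(output)
    if not match:
        return None
    raw = match.group(1)
    # Strip build/update suffixes: "_312", "-ea", "+35"
    raw = re.split(r"[_+\-]", raw)[0]
    parts = [int(p) for p in raw.split(".") if p.isdigit()]
    if not parts:
        return None
    if parts[0] == 1 and len(parts) >= 2:
        parts = parts[1:]  # "1.8.0" is Java 8, not Java 1
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def is_affected(version: Version) -> bool:
    """True if this version falls inside the range affected by CVE-2022-21449."""
    major = version[0]
    if major in UNSUPPORTED_AFFECTED:
        return True
    if major in FIXED_IN:
        return version < FIXED_IN[major]
    return False  # below 15 or above 18 is outside the affected range


def classify(output: str) -> str:
    """Turn raw `java -version` output into one of: affected / patched / unparsed."""
    version = parse_java_version(output)
    if version is None:
        return "unparsed"
    return "affected" if is_affected(version) else "patched"


def candidate_binaries() -> List[str]:
    """Assumed search strategy: java on PATH plus $JAVA_HOME/bin/java."""
    found = []
    on_path = shutil.which("java")
    if on_path:
        found.append(on_path)
    java_home = os.environ.get("JAVA_HOME")
    if java_home:
        exe = "java.exe" if os.name == "nt" else "java"
        path = os.path.join(java_home, "bin", exe)
        if os.path.isfile(path) and path not in found:
            found.append(path)
    return found


def check_binary(path: str) -> str:
    """Run `<path> -version` and classify it. The JVM prints the banner to stderr."""
    proc = subprocess.run([path, "-version"], capture_output=True, text=True)
    return classify(proc.stderr + proc.stdout)


# Constructed sample banners, used so the classifier can be exercised offline.
SAMPLE_BANNERS = {
    'openjdk version "17.0.2" 2022-01-18': "affected",
    'openjdk version "17.0.3" 2022-04-19': "patched",
    'openjdk version "18-ea" 2022-03-22': "affected",
    'java version "1.8.0_312"': "patched",
}

if __name__ == "__main__":
    for banner, expected in SAMPLE_BANNERS.items():
        print(f"{classify(banner):9s} (expected {expected}): {banner}")
    for binary in candidate_binaries():
        print(f"{check_binary(binary):9s} {binary}")
```

The classification is deliberately version-based only: it tells you whether an installation is inside the range the advisory names, which is the actionable question for patching, and it says nothing about how the flaw is triggered. Installations under a directory that is not on PATH or in JAVA_HOME (bundled JREs inside application folders, for instance) still need to be located by hand and pointed at check_binary.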
