Oracle Java SE
cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*
Affected versions:
- Oracle Java SE 6u95
- Oracle Java SE 7u80
- Oracle Java SE 8u45
- Java SE Embedded 7u75
- Java SE Embedded 8u33
This vulnerability is being actively exploited in the wild.
A deserialization vulnerability has been identified in the Libraries component of Oracle Java SE and Java SE Embedded. This vulnerability allows remote attackers to impact the confidentiality, integrity, and availability of the affected system. The issue arises in specific versions of Oracle Java SE (6u95, 7u80, and 8u45) and Java SE Embedded (7u75 and 8u33). The vulnerability can be exploited by an untrusted Java application or applet that bypasses Java sandbox restrictions.
The underlying flaw is in the ObjectInputStream.readSerialData() method: crafted serialized input processed by this method can be manipulated to alter the application's behavior or the data it processes.
Users are advised to upgrade to the latest versions of Oracle Java SE or Java SE Embedded. For Oracle Java SE, the latest release can be downloaded from the Oracle website or installed via the Oracle Update mechanism on Windows and Mac OS X. Instructions for updating Oracle Java SE Embedded can be found in the Oracle Java SE Embedded Critical Patch Update Advisory.