Oracle rolls out more critical patches for troublesome Java

Critical Patch Update fixes 21 bad-news vulnerabilities in Java SE and Java for Business

Oracle has unloaded a hefty package of patches aimed at fixing critical vulnerabilities in Java SE and Java for Business, and Oracle as well as third-party security experts are urging IT admins to deploy the security update immediately.

The majority of the vulnerabilities fixed by the update pertain to the JRE (Java Runtime Environment); these vulnerabilities can be exploited sans authentication, meaning attackers would not have to bother with coming up with a username and password.

[ Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

All told, eight of the vulnerabilities had a severity rating of 10 out of 10, two others were rated 7.6, and 4 more carried a rating of 5.0.

According to Oracle, 13 of the 21 vulnerabilities affect Java client deployments, and 12 of those 13 can be exploited via untrusted Java Web Start applications and untrusted Java applets, which run in the Java sandbox with limited privileges. One of the client vulnerabilities affects the Windows-specific Java Update component.

Three of the vulnerabilities affect client and server deployments and may be also be exploited through untrusted applications and applets, as well as by providing data to APIs in specific components through, for example, a Web service.

Another three only affect Java server deployments and can be exploited by supplying malicious data to APIs in the specified Java components. According to Oracle, one of these vulnerabilities was addressed as part of an emergency patch released on Feb. 8.

Finally, one of these vulnerabilities is specific to Java DB, a component in the Java JDK, but not included in JRE.

The critical patch update, along with more information, is available at Oracle's website.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags open sourcesecurityjavasoftwarepatch managementSecurity CentralOracle

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ted Samson

InfoWorld

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?