Oracle rolls out more critical patches for troublesome Java

Critical Patch Update fixes 21 bad-news vulnerabilities in Java SE and Java for Business

Oracle has unloaded a hefty package of patches aimed at fixing critical vulnerabilities in Java SE and Java for Business, and Oracle as well as third-party security experts are urging IT admins to deploy the security update immediately.

The majority of the vulnerabilities fixed by the update pertain to the JRE (Java Runtime Environment); these vulnerabilities can be exploited sans authentication, meaning attackers would not have to bother with coming up with a username and password.

[ Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

All told, eight of the vulnerabilities had a severity rating of 10 out of 10, two others were rated 7.6, and 4 more carried a rating of 5.0.

According to Oracle, 13 of the 21 vulnerabilities affect Java client deployments, and 12 of those 13 can be exploited via untrusted Java Web Start applications and untrusted Java applets, which run in the Java sandbox with limited privileges. One of the client vulnerabilities affects the Windows-specific Java Update component.

Three of the vulnerabilities affect client and server deployments and may be also be exploited through untrusted applications and applets, as well as by providing data to APIs in specific components through, for example, a Web service.

Another three only affect Java server deployments and can be exploited by supplying malicious data to APIs in the specified Java components. According to Oracle, one of these vulnerabilities was addressed as part of an emergency patch released on Feb. 8.

Finally, one of these vulnerabilities is specific to Java DB, a component in the Java JDK, but not included in JRE.

The critical patch update, along with more information, is available at Oracle's website.

Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.

More about: etwork, Oracle
References show all
Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: open source, security, java, software, patch management, Security Central, Oracle
Whitepapers
All whitepapers

Australia needs effective government cyber policy leadership: report

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Sign up now to get free exclusive access to reports, research and invitation only events.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia