- Joined
- 6 May 2012
- Messages
- 5,110
- Solutions
- 8
- Reaction score
- 9,139
Released Friday, the latest critical patch update contains fixes for 50 different security flaws.
Oracle has rushed out a new Java security patch designed to plug up a range of holes in the software.
The February Critical Patch Update for Java SE addresses 50 security vulnerabilities, 44 of which affect the use of Java as a plug-in for Web browers, according to an Oracle blog posted Friday. If not properly patched, the plug-in could open the door for attackers to remotely execute code on a PC or Mac by directing users to malicious Web sites.
"The popularity of the Java Runtime Environment in desktop browsers, and the fact that Java in browsers is OS-independent, makes Java an attractive target for malicious hackers," Eric Maurice, director for Oracle's Software Security Assurance, said in the blog.
Security experts have warned about holes in the Java plug-in, with some going so far as to suggest that users uninstall or disable Java until its security can be tightened.
Oracle had issued an emergency security update on January 13. But that update left some flaws still unpatched, prompting Homeland Security to recommend that users still disable Java.
Friday's fix was originally scheduled for release on February 19. But Oracle said it decided to ramp up the schedule after finding that one of the flaws affecting the Java Runtime Environment was actively being exploited. The new update addresses that specific flaw and includes all of the fixes from January's update.
"Oracle felt that, releasing this Critical Patch Update two weeks ahead of our intended schedule, instead of releasing a one-off fix through a Security Alert, would be more effective in helping preserve the security posture of Java customers," Maurice noted.
Read More: Oracle pushes out new Java update to patch security holes | Webware - CNET
Oracle has rushed out a new Java security patch designed to plug up a range of holes in the software.
The February Critical Patch Update for Java SE addresses 50 security vulnerabilities, 44 of which affect the use of Java as a plug-in for Web browers, according to an Oracle blog posted Friday. If not properly patched, the plug-in could open the door for attackers to remotely execute code on a PC or Mac by directing users to malicious Web sites.
"The popularity of the Java Runtime Environment in desktop browsers, and the fact that Java in browsers is OS-independent, makes Java an attractive target for malicious hackers," Eric Maurice, director for Oracle's Software Security Assurance, said in the blog.
Security experts have warned about holes in the Java plug-in, with some going so far as to suggest that users uninstall or disable Java until its security can be tightened.
Oracle had issued an emergency security update on January 13. But that update left some flaws still unpatched, prompting Homeland Security to recommend that users still disable Java.
Friday's fix was originally scheduled for release on February 19. But Oracle said it decided to ramp up the schedule after finding that one of the flaws affecting the Java Runtime Environment was actively being exploited. The new update addresses that specific flaw and includes all of the fixes from January's update.
"Oracle felt that, releasing this Critical Patch Update two weeks ahead of our intended schedule, instead of releasing a one-off fix through a Security Alert, would be more effective in helping preserve the security posture of Java customers," Maurice noted.
Read More: Oracle pushes out new Java update to patch security holes | Webware - CNET
