
Oracle Releases February Java Security Update Ahead of Schedule Dealing with 50 Flaws

by Charles Humble on Feb 05, 2013

Oracle has published a major security update for Java. The update was originally scheduled for February 19th, but was released a fortnight early on Friday because of "active exploitation 'in the wild' of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers".

According to the latest Oracle Risk Matrix, the update covers a total of 50 flaws. Of these, 49 can be remotely exploited (in other words, just visiting a web page, for instance, might be enough to infect your computer), and 26 carry the maximum Common Vulnerability Scoring System (CVSS) risk score of 10. Oracle hasn't said which of the remote code execution holes is the one that's actively being exploited, but it is addressed with this patch.

The Sophos security blog provides some more information, and notes that "there is no particular reason why a Java application puts your computer at any greater risk than an application based on Windows .EXE files or OS X native binaries". However, being a cross-browser and cross-platform technology with a huge install base makes attacking Java a "high-yield exercise" for malware and virus authors. Sophos therefore recommends that users keep their local Java installs up to date. In addition, since the majority of attacks come via the web, browser users are advised to turn Java support off in their browsers until they encounter a site that they trust and which requires it.

The latest official Oracle versions are Java 7 Update 13 and Java 6 Update 39. This month (February 2013) marks the end of life of Java 6, as we previously noted. If you are using OS X 10.6 (Snow Leopard), then the latest update of Apple's version is Java for Mac OS X 10.6 Update 12.

Oracle currently has two more Java SE critical patch updates scheduled for this year, with the next due on the 18th June.
