Oracle plugs 42 Java flaws in critical update
By Stewart Mitchell
Posted on 17 Apr 2013 at 11:06
Oracle is issuing 170 security patches – with 42 for Java alone – in a set of critical updates for its products.
In the update for Java, the company said users should take action as soon as possible, with 19 of the patches fixing issues that were given the company's highest risk factor of ten.
"This Critical Patch Update contains 42 new security fixes for Oracle Java SE - 39 of these vulnerabilities may be remotely exploitable without authentication," the company said. "They may be exploited over a network without the need for a username and password."
The company also cautioned anyone who had missed previous updates to check back through their records to see what needed updating.
Java has been the target of a series of attacks taking advantage of unpatched flaws, and while the latest set of fixes was viewed as a chance to rebuild confidence it's unclear whether too much damage.
Java attacks hit hundreds of companies including Apple, Facebook and Twitter in February, and security experts warned computer users to ditch Java full stop in January.
"It was pretty embarrassing what happened with the Facebook attacks," IDC analyst Al Hilwa told Reuters.
"It's a fight for the Java plugin's life. Either a lot of companies are going to turn these off, or they are going to have their confidence restored."
As well as the 42 Java patches, the company also moved to shore up its other products with 128 patches, including three for its flagship Database product and 12 for its Fusion Middleware.
Apple has also released two security updates, one addressing a vulnerability in Java 6, which the company maintains on its Mac OS X platform.
The second patch mends a vulnerability in WebKit, the rendering engine in the Safari browser, but the fix has taken several weeks to surface since first being exploited.
"The WebKit vulnerability was also originally found in the Pwn2Own competition, but in this case in Google's Chrome browser," said Wolfgang Kandek, CTO at security firm Qualys. "Google fixed the vulnerability last month, the day after it was handed to them by the organisers of the competition."
"Google fixed the vulnerability last month, the day after it was handed to them by the organisers of the competition."
By Mark_Thompson on 17 Apr 2013
Apologies for being pedantic but ...
"Java has been the target of a series of attacks taking advantage of unpatched flaws, and while the latest set of fixes was viewed as a chance to rebuild confidence it's unclear whether too much damage."
Whether too much damage what????
I know I've been known to make a few grammatical mistakes now and then but I've seen a lot of these types of unfinished sentences in articles on PCPro over the last year and it's starting to irk me a little as it causes me to re-read things several times to make sure I'm not losing the plot. Does nobody proofread anymore?
By koshthetrekkie on 17 Apr 2013