Oracle’s Patches Address Java SE Security Flaws
Oracle has released a Critical Patch Update (CPU) that plugs 14 security holes in one of its products, Java SE, InfoSecurity reported on February 16, 2012.
It may be noted that Java is a programming language first used by Sun Microsystems, its most common function being to enhance web pages. An extremely well-known Java interpreter in use today is Oracle's Sun JRE (Java Runtime Environment).
Attackers who exploit the Java SE holes can use Java programs or web services to load malware remotely onto PCs that run unpatched Java versions. According to Oracle, such versions are easily found on Windows PCs, owing to the administrative rights that Windows users enjoy, while the danger for the Solaris and Linux operating systems is comparatively lower.
The security flaws, 5 of which have been described as the most risk-prone, affect JRE and Java Development Kit (JDK) 7 Update 2, JRE and JDK 6 Update 30, JRE and JDK 5.0 Update 33, and JRE and SDK 1.4.2_35, as well as previous versions of each. Versions prior to JavaFX 2.0.2 are also affected.
Wolfgang Kandek, chief technology officer at Qualys, remarked about the Java update that Java 6, currently the most common edition of Java, contained 5 "critical" flaws whose CVSS scores exceeded 9, indicating that they were exploitable via the network without validation and gave the attacker remote control. Users must therefore deploy the update soon, since web attackers often use Java to gain initial access, he added. InfoSecurity published these remarks.
Encouragingly, Oracle's update, delivered as Java SE 6 Update 31, Java SE 7 Update 3 and JavaFX 2.0.3, addresses all of the vulnerabilities. The patches apply to Windows, Solaris and Linux. On computers running Windows, the patches are deployed automatically or can be installed manually after downloading them from Java's website.
Java flaws are increasingly being exploited through drive-by downloads. Indeed, their exploitation exceeds even that of browser flaws. Hence, researchers rate the latest Java patches as critical. The many users who have Java installed should download and install Oracle's patches quickly.
» SPAMfighter News - 23-02-2012