Oracle issues out-of-band patch to repair 50 Java vulnerabilities

Oracle has issued an update to Java two weeks ahead of the normal schedule.

A significant patch to Oracle's Java SE was released today, two weeks ahead of schedule. According to the advisory accompanying the update, fully 49 of the 50 fixes contained in the patch are remotely exploitable.

Writing in a blog post, Software Security Assurance Director Eric Maurice said the company "decided to accelerate the release of this Critical Patch Update because active exploitation 'in the wild' of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers, was addressed."

This is not the first out-of-band update to Java this year. A zero-day vulnerability that was spotted in the wild was patched on Jan. 13 -- only to have two new Java vulnerabilities announced within days.

The large number of significant security issues has prompted discussion in some security circles about whether Java should remain in general use, and has also drawn some criticism of Oracle for not communicating its plans for dealing with Java security concerns. In a recorded conference call, Milton Smith, Java's senior principal security product manager, said, "The plan for Java security is really simple. It's to get Java fixed up." He added, "And then number two, to communicate our efforts widely."
