Oracle issues out-of-band patch to repair 50 Java vulnerabilities

Oracle has issued an update to Java two weeks ahead of the normal schedule.

A significant patch to Oracle's Java SE was released today, two weeks ahead of schedule. According to the advisory accompanying the update, fully 49 of the 50 vulnerabilities fixed in the patch are remotely exploitable.

Writing in a blog post, Software Security Assurance Director Eric Maurice said the company "decided to accelerate the release of this Critical Patch Update because active exploitation 'in the wild' of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers, was addressed."

This is not the first out-of-band update to Java this year. A zero-day vulnerability that was spotted in the wild was patched on Jan. 13 -- only to have two new Java vulnerabilities announced within days.

The large number of significant security issues has prompted discussion in some security circles about whether Java should remain in general use, and has also drawn criticism of Oracle for not communicating its plans for dealing with Java security concerns. Milton Smith, Java's senior principal security product manager, addressed the issue in a recorded conference call. "The plan for Java security is really simple. It's to get Java fixed up," he said. "And then number two, to communicate our efforts widely."
