News Stay informed about the latest enterprise technology news and product updates.

Oracle issues out-of-band patch to repair 50 Java vulnerabilities

Oracle has issued an update to Java two weeks ahead of the normal schedule.

A significant patch to Oracle's Java SE was released today, two weeks ahead of schedule. According to the advisory accompanying the update, fully 49 of the 50 fixes contained in the patch are remotely exploitable.

Writing in a blog, Software Security Assurance Director Eric Maurice said the company "decided to accelerate the release of this Critical Patch Update because active exploitation 'in the wild' of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers, was addressed."

This is not the first out-of-band update to Java this year. A zero-day vulnerability that was spotted in the wild was patched on Jan. 13 -- only to have two new Java vulnerabilities announced within days.

The large number of significant security issues has caused discussion in some security circles about whether Java should remain in general use, but has also engendered some criticism of Oracle for not communicating its plans for dealing with Java security concerns. Milton Smith, Java's senior principle security product manager, said in a recorded conference call that, "The plan for Java security is really simple. It's to get Java fixed up," he said. "And then number two, to communicate our efforts widely."

Dig Deeper on Penetration testing, ethical hacking and vulnerability assessments

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.