Oracle to Patch 14 Security Flaws in Java SE

Oracle has said that it would deliver 14 patches on Tuesday, in order to address serious security problems with the Java platform.

“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible,” an advisory states.

The critical patches will apply to systems running JRE and JDK versions 5.0 (Update 35 and earlier), 6.0 (Update 32 and earlier), and 7.0 (Update 4 and earlier). The update also applies to SDK and JRE version 1.4.2_37 and earlier, as well as JavaFX 2.1.

It’s worth mentioning that at least one patch has earned a CVSS score of 10, meaning it has the highest level of importance. Of the 14 patches to be released, 12 address vulnerabilities that are remotely exploitable without any authentication.

Based on Oracle’s information, several of the patches address issues within JRE, a commonly targeted component in Java itself.

It goes without saying that the patches should be applied immediately, but the best bet is not to install Java in the first place if it isn’t used or needed.

The patches are set to ship Tuesday afternoon (June 12). 
