Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Oracle to Patch 14 Security Flaws in Java SE

Oracle has said that it would deliver 14 patches on Tuesday, in order to address serious security problems with the Java platform.

“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible,” an advisory states.

Oracle has said that it would deliver 14 patches on Tuesday, in order to address serious security problems with the Java platform.

“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible,” an advisory states.

Oracle LogoThe critical patches will apply to systems running JRE and JDK versions 5.0 (Update 35 and earlier), 6.0 (Update 32 and earlier), and 7.0 (Update 4 and earlier). The update also applies to SDK and JRE version 1.4.2_37 and earlier, as well as JavaFX 2.1.

It’s worth a mention that the at least one patch has earned a CVSS score of 10, meaning it has the highest level of importance. Of the 14 patches to be released, 12 of them are remotely exploitable without any authentication.

Based on Oracle’s information, several of the patches address issues within JRE, a commonly targeted component in Java itself.

It goes without saying really that the patches should be applied immediately, but the best bet is that if Java isn’t used or needed, it shouldn’t be installed in the first place.

The patches are set to ship Tuesday afternoon (June 12). 

RelatedEndless Exploit Attempts Underline Importance of Timely Java Patching

Advertisement. Scroll to continue reading.
Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Cyber exposure management firm Armis has promoted Alex Mosher to President.

Software giant Atlassian has named David Cross as its new CISO.

Dan Pagel has been named the new CEO of risk management and remediation firm Brinqa.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.