Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Oracle Pushes Massive Patch Release Ahead of Schedule

Oracle has released a Java update addressing 50 vulnerabilities, two weeks ahead of schedule. The company has faced an uphill security battle in the last year, finding itself pitted against researchers and criminals who have discovered hundreds of flaws.

Oracle has released a Java update addressing 50 vulnerabilities, two weeks ahead of schedule. The company has faced an uphill security battle in the last year, finding itself pitted against researchers and criminals who have discovered hundreds of flaws.

Oracle said the early release is due to “active exploitation ‘in the wild’ of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers,” though they didn’t say which of the 49 patches addressing remote code execution it vulnerabilities was being referred to.

Last month, researchers discovered a vulnerability in Java that was being widely exploited online after it was added to the Blackhole and Cool Exploit crime kits. Oracle responded by releasing a patch a short time later. However, that patch didn’t completely fix the issue, and included two additional flaws, compounding what was already a major problem.

Oracle is encouraging that everyone update their Java installations immediately, a sentiment that is mirrored by the Department of Homeland Security. However, the DHS says that until updates can be applied, the public is encouraged to disable Java within their browsers.

“These and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates have been installed. As with any software, unnecessary features should be disabled or removed as appropriate for your environment,” a DHS advisory (via US CERT) says.

During a conference call with Java users and developers last month, Oracle’s Milton Smith, head of Java security, said that Java must be fixed.

“The plan for Java security is really simple,” he said. “It’s to get Java fixed up number one, and then number two, to communicate our efforts widely. We really can’t have one without the other… No amount of talking or smoothing over is going to make anybody happy or do anything for us. We have to fix Java.”

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Former Barclay’s CISO Oliver Newbury has joined ransomware protection firm Halcyon as a strategic advisor

Stephanie Crowe has been appointed head of the Australian Cyber Security Centre (ACSC).

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.