Oracle releases 42 fixes for Java bugs as part of wider security update

Oracle's quarterly security update contains 42 fixes for bugs in Java and an improved notification system to help users determine the trustworthiness of Java programs before executing them.

In a Tuesday announcement released before the update, Oracle said that the patches address 39 Java flaws that could be remotely exploited by an attacker without a user's login credentials.

Some of the vulnerabilities earned a score of 10, the most severe ranking under Oracle's Common Vulnerability Scoring System (CVSS).

Version 7u21 of Java also brings changes to the security notifications users see while running Java applets and applications. For the last several years, vulnerabilities in Java have presented some of the most prolific threats facing enterprises.

According to a security message on Java's site, the update will encourage developers and vendors to have their applications deemed legitimate by using digital certificates issued by a trusted certificate authority (CA).

"Low-risk scenarios present very minimal messages," the post said. "They include a checkbox to prevent the display of similar messages for applications provided by the same vendor in the future. Higher-risk scenarios, such as running unsigned applications, require further interaction."

The Java release came as part of Oracle's larger security update featuring 128 patches to remediate bugs in hundreds of its products.

The update includes four patches for vulnerabilities in Oracle's popular Database Server, all of which can be remotely exploited by an attacker without authentication.

Twenty-two holes plugged in Oracle's Fusion Middleware product could also be remotely exploited.
