Oracle updates Java, Adobe patches ColdFusion

Oracle on Monday released an update to its Java software, fixing several security flaws.

The update, Java 6 Update 30 (6u30), contains mostly performance and stability fixes and is largely void of “gaping security craters .. for a change,” Daniel Wesemann, a handler for the SANS Internet Storm Center, wrote in a blog post Monday. It does, however, contain security fixes that impact developers, he said.

The update, for example, clears up an issue that caused Java 6 Update 29 to break SSL connectivity. Another problem involves secure cookies sometimes being dropped.

The patch comes on the heels of recent numbers from Microsoft, which show that the most common exploit seen in the first half of 2011 was based on Java, a programming language created by Sun Microsystems, now owned by Oracle.

Tim Rains, director of product management in Microsoft's Trustworthy Computing group, said in a blog post earlier this month that between the third quarter of 2010 and the second quarter of 2011, between a third and a half of all observed exploits were Java-based. In total during that time, Microsoft's security technology blocked roughly 27.5 million Java exploit attempts.

Meanwhile, Adobe on Tuesday issued an update for its application development platform, ColdFusion, to address security vulnerabilities listed as “important,” the company's second-highest severity rating. The flaws, which impact ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX, could lead to a cross-site scripting attack, Adobe said in its security bulletin.
