Oracle updates Java, Adobe patches ColdFusion

Share this article:
Oracle on Monday released an update to its Java software, fixing several security flaws.

The update, Java 6 Update 30 (6u30), contains mostly performance and stability fixes and is largely void of “gaping security craters .. for a change,” Daniel Wesemann, a handler for the SANS Internet Storm Center, wrote in a blog post Monday. It does, however, contain security fixes that impact developers, he said.

The update, for example, clears up an issue that caused Java 6 Update 29 to break SSL connectivity. Another problem involves secure cookies being sometimes dropped.

The patch comes on the heels of recent numbers from Microsoft, which show that the most common exploit seen in the first half of 2011 was based on Java, a programming language created by Sun Microsystems, now owned by Oracle.

Tim Rains, director of product management in Microsoft's Trustworthy Computing group, said in a blog post earlier this month that between the third quarter of 2010 and the second quarter of 2011, between a third and a half of all observed exploits were Java-based. In total during that time, Microsoft's security technology blocked roughly 27.5 million Java exploit attempts.

Meanwhile, Adobe on Tuesday issued an update for its application development platform, ColdFusion, to address security vulnerabilities listed as “important,” the company's second-highest severity rating. The flaws, which impact ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX, could lead to a cross-site scripting attack, Adobe said in its security bulletin.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.