Oracle updates Java, Adobe patches ColdFusion

Share this article:
Oracle on Monday released an update to its Java software, fixing several security flaws.

The update, Java 6 Update 30 (6u30), contains mostly performance and stability fixes and is largely void of “gaping security craters .. for a change,” Daniel Wesemann, a handler for the SANS Internet Storm Center, wrote in a blog post Monday. It does, however, contain security fixes that impact developers, he said.

The update, for example, clears up an issue that caused Java 6 Update 29 to break SSL connectivity. Another problem involves secure cookies being sometimes dropped.

The patch comes on the heels of recent numbers from Microsoft, which show that the most common exploit seen in the first half of 2011 was based on Java, a programming language created by Sun Microsystems, now owned by Oracle.

Tim Rains, director of product management in Microsoft's Trustworthy Computing group, said in a blog post earlier this month that between the third quarter of 2010 and the second quarter of 2011, between a third and a half of all observed exploits were Java-based. In total during that time, Microsoft's security technology blocked roughly 27.5 million Java exploit attempts.

Meanwhile, Adobe on Tuesday issued an update for its application development platform, ColdFusion, to address security vulnerabilities listed as “important,” the company's second-highest severity rating. The flaws, which impact ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX, could lead to a cross-site scripting attack, Adobe said in its security bulletin.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

Operators disable firewall features to increase network performance, ...

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.

PCI publishes guidance on security awareness programs

PCI publishes guidance on security awareness programs

The guidance, developed by a PCI Special Interest Group, will help merchants educate staff on protecting cardholder data.