
Oracle updates Java, Adobe patches ColdFusion

Oracle on Monday released an update to its Java software, fixing several security flaws.

The update, Java 6 Update 30 (6u30), contains mostly performance and stability fixes and is largely devoid of “gaping security craters .. for a change,” Daniel Wesemann, a handler for the SANS Internet Storm Center, wrote in a blog post Monday. It does, however, contain security fixes that impact developers, he said.

The update, for example, clears up an issue that caused Java 6 Update 29 to break SSL connectivity. Another problem involves secure cookies sometimes being dropped.

The patch comes on the heels of recent numbers from Microsoft, which show that the most common exploit seen in the first half of 2011 was based on Java, a programming language created by Sun Microsystems, now owned by Oracle.

Tim Rains, director of product management in Microsoft's Trustworthy Computing group, said in a blog post earlier this month that between the third quarter of 2010 and the second quarter of 2011, between a third and a half of all observed exploits were Java-based. In total during that time, Microsoft's security technology blocked roughly 27.5 million Java exploit attempts.

Meanwhile, Adobe on Tuesday issued an update for its application development platform, ColdFusion, to address security vulnerabilities listed as “important,” the company's second-highest severity rating. The flaws, which impact ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX, could lead to a cross-site scripting attack, Adobe said in its security bulletin.
