Oracle plugs 14 holes in Java

16 February 2012

Oracle this week issued a critical patch update (CPU) that fixes 14 vulnerabilities in its Java SE product.

The vulnerabilities allow attackers to use Java applications or web services in order to remotely install malicious code on computers that run vulnerable versions of Java. Oracle said that such versions are likely to exist on Windows computers because Windows users tend to have administrative privileges. The risk is smaller for other operating systems such as Linux and Solaris, the company noted.

“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible”, Oracle stressed in its advisory.

Oracle acknowledged the following organizations and individuals for assisting with the CPU: Alin Rad Pop (binaryproof) via TippingPoint's Zero Day Initiative; TELUS Security Labs; Chris Ries via TippingPoint; Doug Lea of Oswego State University of New York; Jeroen Frijters; Peter Vreugdenhil of TippingPoint DVLabs; and Timo Warns of PRESENSE Technologies.

Commenting on the Java patch, Wolfgang Kandek, chief technology officer with Qualys, said: “Currently Java's most common version (Java 6) has five vulnerabilities that are critical. They all have a CVSS score above 9, indicating that they can be exploited through the network without authentication and are capable of providing remote control to the attacker. We recommend installing this update as quickly as possible, as Java is frequently used as an initial access method in web-borne attacks.”
 
