Oracle has pushed an update to its popular Java SE platform that patches 17 vulnerabilities, all of which could allow an attacker to remotely exploit a machine without authentication.
In the patch update, five apply to client and server versions of Java SE. Eleven of the patches apply to client versions of Java SE and one applies to only the server version of Java SE. Oracle rated each patch “critical.” The company recommends “that customers apply fixes as soon as possible.”
Used on more than 850 million personal computers worldwide, Java has joined Microsoft’s Internet Explorer and Windows and Adobe’s Reader and Flash as one of the internet’s vectors most targeted by hackers.
Oracle is in its sixth year of issuing its patches for servers and databases quarterly as part of its Critical Patch Update (CPU) program. While the next CPU is scheduled for July 19, Java SE won’t see its next update until October 18, according to this timetable.
Attacks against vulnerabilities in Java have become a mainstay of the online threat environment in recent years, as attacks shift from a focus on the Windows operating system and applications to Web-based and cross-platform applications that use Java and JavaScript. Research by Kaspersky Lab found that vulnerabilities in Internet Explorer, PDFs and Java represent 66% of all attacks in modern exploit kits used in online attacks.