Oracle Addresses 17 Bugs with Java Update

Oracle has pushed an update to its popular Java SE platform, patching 17 vulnerabilities, all of which could allow an attacker to remotely exploit a machine without authentication.

Of the patches in the update, five apply to client and server versions of Java SE. Eleven of the patches apply to client versions of Java SE and one applies only to the server version of Java SE. Oracle rated each patch “critical.” The company recommends “that customers apply fixes as soon as possible.”

Used on more than 850 million personal computers worldwide, Java has joined the ranks of Microsoft’s Internet Explorer and Windows and Adobe’s Reader and Flash as one of the internet’s vectors most targeted by hackers.

Oracle is in its sixth year of issuing patches for servers and databases quarterly as part of its Critical Patch Update (CPU) program. While the next CPU is scheduled for July 19, Java SE won’t see its next update until October 18, according to this timetable.

Attacks against vulnerabilities in Java have become a mainstay of the online threat environment in recent years, as attacks shift from a focus on the Windows operating system and applications to Web-based and cross-platform applications that use Java and JavaScript. Research by Kaspersky Lab found that vulnerabilities in Internet Explorer, PDFs and Java represent 66% of all attacks in modern exploit kits used in online attacks.
