Oracle Issues Patch to Fix 14 Vulnerabilities

Microsoft wasn’t the only company that recognized Patch Tuesday yesterday; Oracle patched 14 vulnerabilities in Java Standard Edition as well.

In its update advisory, Oracle strongly recommends that users update as soon as possible given the threat posed by successful exploitation of these vulnerabilities, six of which received the highest possible Common Vulnerability Scoring System (CVSS) rating.

If unpatched, 12 of the vulnerabilities are remotely exploitable without authentication. An attacker could exploit these vulnerabilities over a network without a username or password.

This update addresses security vulnerabilities in the Java Development Kit (JDK) and Java Runtime Environment (JRE) version 7 update 4 and earlier, JDK and JRE version 6 update 32 and earlier, JDK and JRE update 35 and earlier, JDK and JRE 1.4.2 update 37 and earlier, and JavaFX 2.1 and earlier.

Oracle gives credit for reporting these vulnerabilities to Adam Gowdiak of Security Explorations, Andrei Costin of Secunia, Chris Ries of TippingPoint, and Clayton Smith of Entrust.

You can find more information about this and other Oracle patch announcements here.

Discussion

  • Anonymous on

    I think you left the version number of the last JDK/JRE patch - update 35.

    It should be 1.5.35
