There is a massive stack of Java patches on deck for tomorrow, with Oracle planning to fix 40 vulnerabilities in a number of different components of Java SE. Nearly all of the vulnerabilities are remotely exploitable.
Oracle doesn’t release much in the way of information about the content of its patch updates before the fixes are posted, but of the 40 vulnerabilities to be patched on Tuesday, 37 of them are remotely exploitable. The company said that it will post patches for flaws in several different versions of Java JDK and JRE. There are fixes for JDK and JRE 7 update 21 and earlier; JRE 6 update 45 and earlier; and JRE 5 update 45 and earlier. There also are patches for Java FX 2.2.21.
“This Critical Patch Update is a collection of patches for multiple security vulnerabilities in Oracle Java SE. This Critical Patch Update contains 40 new security vulnerability fixes. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible,” Oracle said in its advisory.
“This Critical Patch Update contains 40 new security fixes for Oracle Java SE. 37 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.”
Image from Flickr photostream of Peter Kaminski.