Oracle releases critical patch to fix 17 security flaws in Java SE

Oracle has released a critical patch to fix 17 security vulnerabilities across Java standard edition (SE) products.

The Java 6 update 26 for Windows, Solaris and Linux provides fixes for affected products, including JDK 5.0 update 29 and earlier, JDK and JRE 6 update 25 and earlier, and SDK 1.4.2_31 and earlier.

Oracle said: "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible."

In a blog post, Chester Wisniewski, a security researcher at Sophos, said all but one of the vulnerabilities affect Java Runtime Environment software in web browsers.

"We have seen great success among attackers using flaws in Java to exploit Windows computers, but also a broader experimentation with building malware that will run on Mac and Linux," he said.

Chester Wisniewski added: "I recommend testing out your standard OS images without the Java plug-in. Most people aren't using Java these days and it reduces the attack surface for exploits delivered over the internet."

The next Oracle Java SE critical patch update is due on 18 October 2011.

 

Picture courtesy of Peter Kaminsky
