Oracle releases critical patch to fix 17 security flaws in Java SE


Oracle releases critical patch to fix 17 security flaws in Java SE

Jenny Williams

Oracle has released a critical patch to fix 17 security vulnerabilities across Java standard edition (SE) products.

The Java 6 update 26 for Windows, Solaris and Linux provides fixes for affected products, including JDK 5.0 update 29 and earlier, JDK and JRE 6 update 25 and earlier, and SDK 1.4.2_31 and earlier.

Oracle said: "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible."

In a blog post, Chester Wisniewski, a security researcher at Sophos, said all but one of the vulnerabilities affect Java Runtime Environment software in web browsers.

"We have seen great success among attackers using flaws in Java to exploit Windows computers, but also a broader experimentation with building malware that will run on Mac and Linux," he said.

Chester Wisniewski added: "I recommend testing out your standard OS images without the Java plug-in. Most people aren't using Java these days and it reduces the attack surface for exploits delivered over the internet."

The next Oracle Java SE critical patch updates is due on 18 October 2011.


Picture courtesy of Peter Kaminsky

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy