Oracle releases critical patch to fix 17 security flaws in Java SE

News

Oracle releases critical patch to fix 17 security flaws in Java SE

Jenny Williams

Oracle has released a critical patch to fix 17 security vulnerabilities across Java standard edition (SE) products.

The Java 6 update 26 for Windows, Solaris and Linux provides fixes for affected products, including JDK 5.0 update 29 and earlier, JDK and JRE 6 update 25 and earlier, and SDK 1.4.2_31 and earlier.

Oracle said: "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible."

In a blog post, Chester Wisniewski, a security researcher at Sophos, said all but one of the vulnerabilities affect Java Runtime Environment software in web browsers.

"We have seen great success among attackers using flaws in Java to exploit Windows computers, but also a broader experimentation with building malware that will run on Mac and Linux," he said.

Chester Wisniewski added: "I recommend testing out your standard OS images without the Java plug-in. Most people aren't using Java these days and it reduces the attack surface for exploits delivered over the internet."

The next Oracle Java SE critical patch updates is due on 18 October 2011.

 

Picture courtesy of Peter Kaminsky


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy