Oracle rushes out another Java update



Warwick Ashford

Oracle has rushed out another security update for Java in the wake of a flawed update released in January.

That update was also rushed out because one of the vulnerabilities – CVE-2013-0422 – was being exploited in the wild and had been added to the Blackhole and Nuclear Pack exploit kits.

The latest update comes two weeks ahead of schedule and is aimed at fixing 50 vulnerabilities, most of which are exploitable remotely without needing a username and password.

Oracle said the latest update, like the January one, had been released ahead of schedule because of reports that one of the vulnerabilities it covers is already being exploited by attackers.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU [critical patch update] fixes as soon as possible," the company said in an update advisory.

Until the CPU fixes are applied, Oracle said there were two workarounds to reduce the risk of a successful attack.

One is to restrict network protocols required by an attack, and the other, for attacks that require certain privileges or access to certain packages, is to remove the privileges or the ability to access the packages from unprivileged users.

“Both approaches may break application functionality, so Oracle strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem,” the advisory said.

