Information Security News
mailing list archives
Oracle slaps critical patch on insecure Java
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 17 Apr 2013 01:07:57 -0500 (CDT)
By Jack Clark in San Francisco
17th April 2013
Oracle has issued a critical update patch for Java as the database giant
works to shore up confidence in the widely used code.
The security update fixes 42 security flaws, 19 of which merit a 10
(most severe) rating acording to the CVVS metric the company uses to
evaluate the software. Along with this, Oracle has also sought to give
users more information about the Java apps that want to execute code
within the browser.
The patch comes at a time when many security pros are questioning the
value of Java, with many seeing its presence in user's browsers as a
liability rather than a benefit.
Of the 42 security flaws patched by Oracle in April, 39 of them "may be
remotely exploitable without authentication, i.e., may be exploited over
a network without the need for a username and password," Oracle wrote in
the patch notes.
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
- Oracle slaps critical patch on insecure Java InfoSec News (Apr 17)