Home page logo
/

isn logo Information Security News mailing list archives

Oracle slaps critical patch on insecure Java
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 17 Apr 2013 01:07:57 -0500 (CDT)

http://www.theregister.co.uk/2013/04/17/oracle_java_security_update/

By Jack Clark in San Francisco
The Register
17th April 2013

Oracle has issued a critical update patch for Java as the database giant works to shore up confidence in the widely used code.

The security update fixes 42 security flaws, 19 of which merit a 10 (most severe) rating acording to the CVVS metric the company uses to evaluate the software. Along with this, Oracle has also sought to give users more information about the Java apps that want to execute code within the browser.

The patch comes at a time when many security pros are questioning the value of Java, with many seeing its presence in user's browsers as a liability rather than a benefit.

Of the 42 security flaws patched by Oracle in April, 39 of them "may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password," Oracle wrote in the patch notes.

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org

  By Date           By Thread  

Current thread:
  • Oracle slaps critical patch on insecure Java InfoSec News (Apr 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault