Information Security News mailing list archives

Oracle slaps critical patch on insecure Java


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 17 Apr 2013 01:07:57 -0500 (CDT)

http://www.theregister.co.uk/2013/04/17/oracle_java_security_update/

By Jack Clark in San Francisco
The Register
17th April 2013

Oracle has issued a critical update patch for Java as the database giant works to shore up confidence in the widely used code.

The security update fixes 42 security flaws, 19 of which merit a 10 (most severe) rating according to the CVSS metric the company uses to evaluate the software. Along with this, Oracle has also sought to give users more information about the Java apps that want to execute code within the browser.

The patch comes at a time when many security pros are questioning the value of Java, with many seeing its presence in users' browsers as a liability rather than a benefit.

Of the 42 security flaws patched by Oracle in April, 39 of them "may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password," Oracle wrote in the patch notes.

[...]

