Menu
Oracle releases Java patch update

Oracle releases Java patch update

The February patch was offered today -- ahead of schedule -- and contains fixes for 50 vulnerabilities

Oracle on Friday released a critical patch update for Java SE, offering the patch ahead of schedule to stave off an active exploitation affecting the Java Runtime Environment in desktop browsers. Server-side fixes are being offered as well.

Initially scheduled for release on February 19, the February 2013 critical patch update contains fixes for 50 vulnerabilities. Java has been under fire lately for security issues, particularly affecting browsers, and Oracle recently vowed to be more communicative about what it is doing to fix these problems. "The popularity of the Java Runtime Environment in desktop browsers and the fact that Java in browsers is OS-independent makes Java an attractive target for malicious hackers," Oracle said in its bulletin on Friday.

[ InfoWorld columnist Andrew Oliver vouches for Java's runtime security. | Sign up for InfoWorld's Enterprise Java newsletter for more news on Java. ]

Forty-four of the 50 vulnerabilities impact Java in Internet browsers. "In other words, these vulnerabilities can only be exploited on desktops through Java Web Start applications or Java applets," Oracle said. "In addition, one vulnerability affects the installation process of client deployment of Java (i.e. installation of the Java Runtime Environment on desktops). Note also that this Critical Patch Update includes the fixes that were previously released through Security Alert CVE-2013-0422."

Additionally, three of the vulnerabilities apply to client and server deployments of Java, in which these can be exploited on desktops through Java Web Start or browser applets or in servers by supplying malicious input to APIs in vulnerable components. "In some instances, the exploitation scenario of this kind of bugs on servers is very improbable; for example, one of these vulnerabilities can only be exploited against a server in the unlikely scenario that the server was allowed to process image files from an untrusted source." Two vulnerabilities fixed in the update only apply to server-side deployment of the Java Secure Socket Extension, but most of the vulnerabilities addressed in the patch update affect Java and JavaFX client deployments, Oracle noted. "This reflects the fact that the Java server environment is more secure than the Java Runtime Environment in browsers because servers operate in a more secure and controlled environment."

This article, "Oracle releases Java patch update," was originally published at InfoWorld.com. Follow the latest developments in business technology news and get a digest of the key stories each day in the InfoWorld Daily newsletter. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Read more about security in InfoWorld's Security Channel.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Oraclepatch managementsoftwareapplication developmentJava Programming

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.​

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments