Oracle fixes the latest 40 Java security flaws
In the continuing race to the bottom between Oracle Java and Adobe Flash, the Java maker moves ahead... or is it behind? Today the company rolls out a series of patches for 40 different flaws. A pre-release announcement tells of the fixes, but provides little information about the content of the patch updates before they are posted.
"This Critical Patch Update is a collection of patches for multiple security vulnerabilities in Oracle Java SE", according to Oracle. "This Critical Patch Update contains 40 new security vulnerability fixes. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible".
The vulnerabilities fixed in this latest round of Critical Patch Updates are scored using the standard CVSS 2.0 (Common Vulnerability Scoring System). The highest CVSS 2.0 base score for vulnerabilities is 10.0. The scoring system indicates the relative severity of security risks.
According to the pre-release bulletin, "37 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password".
Fixes will begin rolling out today to all victims... ahh... customers. The update affects users of both JDK and JRE versions 5, 6 and 7, as well as JavaFX 2.2.21 and earlier. Good luck and happy updating.