Oracle releases bumper security update for Java
- Published
Oracle has released a bumper update package for Java that closes lots of security holes in the software.
The update fixes 51 separate security bugs in Java, which owner Oracle says is used on billions of devices.
About a dozen of the bugs were serious enough to allow attackers to take remote control of a compromised system, researchers said.
Java is one of the most popular targets for cyber-thieves and malware writers seeking to hijack home computers.
In its advisory about the update, external, Oracle urged customers to patch the software as soon as possible "due to the threat posed by a successful attack".
Programming language Java has proved popular because software written with it can easily be made to run on many different types of computer.
Twelve of the holes in Java addressed by the update topped the table that ranked the severity of security weaknesses in software, wrote Qualys security expert Wolfgang Kandek in a blogpost, external.
If these bugs were exploited, attackers could bypass ID controls and take over a target system, he added.
He said those seeking to exploit Java would probably seed web pages with booby-trapped links in a bid to catch vulnerable machines.
Security glitches in Java are favourites among those that write and run so-called "exploit kits" that seek to compromise vulnerable websites and other systems.
Security blogger Brian Krebs said if people needed to run Java, it was well worth taking time to apply the update.
Those that did not need the software should consider disabling it altogether, he said.
"This widely installed and powerful program is riddled with security holes, and is a top target of malware writers and miscreants," he wrote, external.
The update is available via the main Java website and has prompted follow-up action from other electronics firms. Apple has released an update to the version of Java that runs on its computers. This update points people towards the official version of Java from Oracle instead of that supplied by Apple.
In the past, Apple has faced criticism over the speed with which it updated its version of Java.
- Published9 October 2013
- Published20 February 2013
- Published19 February 2013