Java has become a consistent target for hackers in their attempts to find system vulnerabilities that allow them to execute arbitrary code on a victim’s machine. Recently, a vulnerability in Java was responsible for one of the largest outbreaks of malware on Apple’s OS X operating system. Oracle has now announced that it will patch a further 14 security vulnerabilities in Java this week; 12 of these can be remotely exploited without authentication.
“This Critical Patch Update contains 14 new security fixes for Oracle Java SE. 12 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password,” wrote Oracle.
Affected versions are JDK and JRE 7 Update 4 and earlier, JDK and JRE 6 Update 32 and earlier, JDK and JRE 5.0 Update 35 and earlier, SDK and JRE 1.4.2_37 and earlier, and JavaFX 2.1 and earlier.
Once Oracle has released its patches, the question remains: will Apple update its built-in version of Java quickly, and will users upgrade to the latest version?
“I’ve repeatedly encouraged readers to uninstall this program,” said Brian Krebs, former in-house security expert for The Washington Post. “Not only because of the constant updating it requires, but also because there seem to be a never-ending supply of new exploits available for recently-patched or undocumented vulnerabilities in the program.”