October 31, 2014

Oracle’s latest Critical Patch Update fixes over 30 security vulnerabilities in Java

(LiveHacking.Com) – Oracle has released its latest Critical Patch Update (CPU) which addresses multiple security vulnerabilities in multiple Oracle products including Java. In total the software giant has fixed almost 140 vulnerabilities in a range of its products including Oracle Database, Fusion Middleware, MySQL, Solaris and VirtualBox.

For Java, Oracle has patched a total of 30 holes, all but one of which can be exploited remotely without authentication. This means that just visiting a web page which starts a Java app can cause a PC to be breached and infected with malware. This is the way several types of malware have been spreading in recent times. At the end of August, Oracle was forced to release an out-of-band update for Java due to some severe Java vulnerabilities which were being exploited in the wild.

Many of the vulnerabilities were reported to Oracle by Adam Gowdiak of Security Explorations. Adam and his team have reported dozens of vulnerabilities to Oracle. Just under three weeks ago Adam reported a vulnerability that, if successfully exploited, would completely bypass the Java security sandbox. The bug allows attackers to violate a fundamental security constraint (type safety) of a Java Virtual Machine.

There are lots of concerns in the security industry about the level of vulnerabilities which exist in Java. If you don’t need Java, it is best to remove it completely from your system. As an alternative, you can temporarily disable your current Java Plug-in so that you are not exposed to Java-based threats. For Windows systems, go to “Control Panel” and select “Java”. When the “Java Runtime Environment Settings” dialog box appears, select the “Java” tab. From there, click the “View” button. You will see a list of the currently installed versions of Java. Uncheck the “Enabled” check box to disable that installation from being used by the Java Plug-in and Java Web Start. Oracle has a detailed description of these settings here.

If you need to keep Java on your machine, then the most effective measure against these vulnerabilities is keeping your Java version up to date. To check the version of JRE your browser is running, use this link. You will then be prompted if you need to upgrade your Java version.

 
