October 21, 2016

Oracle Releases Critical Patch Update for Java

(LiveHacking.Com) – Oracle has released a collection of patches to address multiple security vulnerabilities in Java. The “Critical Patch Update” contains 14 security fixes for the following products:

  • JDK and JRE 7 Update 2 and earlier
  • JDK and JRE 5 Update 30 and earlier
  • JDK and JRE 5.0 Update 33 and earlier
  • SDK and JRE 1.4.2_35 and earlier
  • JavaFX 2.0.2 and earlier

All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. Little else is known about the patches except that 5 of the 14 have a score of 10 out of 10 under the Common Vulnerability Scoring System (CVSS), the severity rating system used by Oracle.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply the update fixes as soon as possible.