Oracle, beset by pressures to mitigate holes in Java 7 Update 13 that have been abused by hackers, expedited a patch set scheduled for later this month and released a whopping 50 fixes to licensees on 1 February.
A critical Java update was originally scheduled for 19 February, but because at least one of the vulnerabilities is being actively exploited and causing problems, Oracle decided to move up the patch update.
Oracle said 44 of 50 vulnerabilities only affect Java in browsers, which means they can only be exploited on desktops through Java Web Start applications or Java applets.
Oracle said that in releasing a Critical Patch Update two weeks ahead of the intended schedule – instead of releasing a one-off fix through a Security Alert – would be more effective in helping preserve system security.
The Oracle update came one day after Apple blocked Java 7’s latest update from running on OS X. Apple Insider reported that in January that a zero-day flaw in the Java Runtime Environment was being exploited by nefarious websites and was so serious that the US Department of Homeland Security warned users to disable the web plugin.
In response, Apple disabled Java 7 through the OS X anti-malware system, requiring users to have at least version “1.7.0_10-b19” installed on their Macs. Friday’s release carries the designation “1.7.0_13-b20”, meeting Apple’s requirements.
The last publicly available release of Java 6 is set to be released on 19 February. After that date all new security updates, patches, and fixes for both the runtime and SDK of Java SE 6 will only be available through My Oracle Support, and will therefore only be available to users with a commercial licence with Oracle.
Are you a security pro? Try our quiz!
Originally published on eWeek.
British regulator invites feedback on major partnerships Microsoft and Amazon have struck with smaller AI…
Another 20 staff have been fired by Google over Israel protest and their “completely unacceptable…
Censorship row brewing down under, after the Australian Prime Minister calls Elon Musk an 'arrogant…
Financial regulator asks New York judge to impose $5.3 billion in fines against Terraform Labs…
Lightweight artificial intelligence model launched this week by Microsoft, offering more cost-effective option for Azure…
ByteDance protest falls on deaf ears, as Senate passes TikTok ban or divest bill, with…