Wednesday, February 20, 2013

Oracle today released a new update for Java

Oracle today released a new update for the client Java, eliminating several previously identified vulnerabilities in the security of the common environment and eliminating the possibility of multiple zero-day vulnerabilities in browsers.

New updates Java 7 Update 15 and Java 6 Update 41 liquidate five critical vulnerabilities that have not been eliminated on February 1, when Oracle has released an update for the planned Java 7 and 6. Note that even if Oracle had violated accepted quarterly schedule release patches for Java, to eliminate a previously identified critical vulnerabilities actively exploited by hackers.

Now it is reported that four of the five vulnerabilities in Java can be used via Java Web Start on the desktop. Three of these vulnerabilities are the 10th, the highest level of hazard adopted in rating scale Oracle Common Vulnerability Scoring System. This means that they work on all systems where Java is available and allows you to log into the OS with administrator privileges. However, on Linux and Solaris Java environment does not run with administrator privileges, because the risk is lower.

The fifth vulnerability affects Java Secure Socket Extension (JSSE), which allows to jeopardize SSL / TLS-connection.

Note that for the current version of Oracle Java is the seventh version, so avtoskachivaniya only works with Java 7 Update 15, and to download the Java 6 Update 41 users will have to go to the site and download the Oracle package by hand. Even when downloading the latest version of Java 6 Update 41, users will get a warning about the desirability of switching to Java 7.

No comments:

Post a Comment