Oracle released a quarterly patch set, 128 patches

Oracle yesterday released a big quarterly patch set, consisting of 128 individual patches for nearly one hundred products of the company.

According to the Oracle, four patches are for the flagship DBMS Oracle, all of which allow remote execution and represent a critical danger as they allow an attacker to obtain data on the server without the need to enter login and password.

Another 29 patches are for various products Oracle Fusion Middleware, 22 of which can be used remotely without the proper authentication server. Affected products include GoldenGate Veridata, JRockit, Webcenter and Weblogic. For application servers Corporation also manufactures a wide range of fixes: patches will be released for E-Business Suite (6 patches), Supply Chain Products Suite (3 patches), PeopleSoft (11 patches) and Oracle Siebel CRM (8 patches).

Yahoo! offers developers a tool based on a vulnerable version of Java

Application that provides a company uses a version of Java 6 Update 7, containing a number of vulnerabilities.

While Apple, Mozilla, and other tech giants are taking various steps to prevent the use of unsafe client versions Java, Yahoo! offers users a free tool for creating web-sites that require unsafe version of Java, released over 4 years ago.

Activities include a tool called SiteBuilder, which contains a number of vulnerabilities and may subject the user's computer the risk of infection. Danger seen in the fact that the tool uses a vulnerable version of Java 6 Update 7.

Critical Update Java SE 7 Update 13

Oracle has unveiled the largest in the history of updates to fix security problems in Java SE - Java SE 7 Update 13 and Java SE 6 Update 39, which eliminated the 50 vulnerabilities, 26 of which have been assigned the highest level of risk.

Critical Update Java SE 7 Update 13 with the removal of 50 uyazvimosteyKompaniya Oracle introduced the biggest in the history of updates to fix security problems in Java SE - Java SE 7 Update 13 and Java SE 6 Update 39, which eliminated the 50 vulnerabilities, 26 of which have been assigned the highest level of danger (CVSS Score 10.0), implying the possibility of going beyond an isolated virtual machine environment and the initiation of the code in the system when processing specially decorated content. Initially, the minor release was scheduled for February 19, but was released early, as one critical vulnerability patched in the browser Java-Plugin has a zero-day nature of the problem for which the network has already recorded facts of exploitation.

New vulnerability in Java

New vulnerability in Java calls into question the effectiveness of protection against exploits.

Researchers discovered vulnerabilities to bypass security settings Java, designed to protect against hidden exploits.

Researchers from security company Security Explorations managed to find vulnerabilities in the security Java, which are designed to provide protection against hidden exploits. The flaw allows potential attackers to bypass security restrictions and perform 'drive-by' attack in the victim's browser.

Note that the user needs the ability to specify the security settings introduced by developers in December last year in Java 7 Update 10. They allow you to set limits on the run Java applications in web-browser. In this case the most "robust" safety of the four possible to block all applications that do not have a legitimate signature.

At the same time, the head of Security Explorations Adam Gowdiak, none of the proposed restrictions can resist intruders.