Java mega-update plugs 29 critical security holes

Summary:According to Oracle, 28 of these vulnerabilities could be remotely exploitable without authentication (over a network without the need for a username and password).

Oracle has issued a massive Java SE and Java for Business update to fix 29 security vulnerabilities that could be exploited to take complete control of vulnerable computers.

According to Oracle, 28 of these vulnerabilities could be remotely exploitable without authentication (over a network without the need for a username and password).  

follow Ryan Naraine on twitter
The patches are available for Windows, Linux and Solaris users.   Apple's Mac OS X is also vulnerable but security updates for that operating system is usually delayed for several months.

According to Oracle's advisory,  15 of the 29 vulnerabilities carry the maximum 10.0 CVSS severity rating.

Due to the threat posed by a successful attack, Oracle strongly recommends that affected users apply the available patches "as soon as possible."

You can use use this link to run a quick scan to determine whether the Java environment installation on your machine is up to date.

Windows users should be very careful when applying Java updates.  The company has an annoying history of bundling third-party software (browser toolbars) that are pre-checked by default.

During the installation process, be sure to uncheck any boxes that install software that you don't need (see screenshot)

Topics: Security, Oracle

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.