Java mega-update plugs 29 critical security holes

According to Oracle, 28 of these vulnerabilities could be remotely exploitable without authentication (over a network without the need for a username and password).

Oracle has issued a massive Java SE and Java for Business update to fix 29 security vulnerabilities that could be exploited to take complete control of vulnerable computers.

According to Oracle, 28 of these vulnerabilities could be remotely exploitable without authentication (over a network without the need for a username and password).  

follow Ryan Naraine on twitter
The patches are available for Windows, Linux and Solaris users.   Apple's Mac OS X is also vulnerable but security updates for that operating system is usually delayed for several months.

According to Oracle's advisory,  15 of the 29 vulnerabilities carry the maximum 10.0 CVSS severity rating.

Due to the threat posed by a successful attack, Oracle strongly recommends that affected users apply the available patches "as soon as possible."

You can use use this link to run a quick scan to determine whether the Java environment installation on your machine is up to date.

Windows users should be very careful when applying Java updates.  The company has an annoying history of bundling third-party software (browser toolbars) that are pre-checked by default.

During the installation process, be sure to uncheck any boxes that install software that you don't need (see screenshot)

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All