Java update plugs 20 critical security holes

Oracle has shipped a critical Java update to fix at least 20 security vulnerabilities, some serious enough to allow remote code execution attacks.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible," the company warned in an advisory.

According to Oracle, 19 of the 20 vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The patch, which provides a fix for the SSL Beast attack, comes at a time when anti-malware vendors are reporting an "unprecedented wave" of exploits against vulnerabilities in Java.

The chart below from Microsoft says it all:
