Oracle plugs 21 dangerous Sun Java security holes

Oracle today issued a security alert to warn about 21 security holes in its widely deployed Java SE and Java for Business products and warned that the flaws are dangerous enough to expose users to remote code execution attacks.

Oracle said the most severe CVSS Base Score for vulnerabilities fixed in this Java patch batch is 10.0, the highest severity rating.

Out of these 21 vulnerabilities, 13 affect Java client deployments. 12 of these 13 vulnerabilities can be exploited through Untrusted Java Web Start applications and Untrusted Java Applets, which run in the Java sandbox with limited privileges. One of these 13 vulnerabilities can be exploited by running a standalone application.

According to the advisory, 3 of the 21 vulnerabilities affect both client and server deployments. They can be exploited through Untrusted Java Web Start applications and Untrusted Java Applets, and also by supplying malicious data to APIs in the specified components, for example through a web service.

Because of the severity of the vulnerabilities in this Java update, Oracle recommends that Java customers apply it "as soon as possible."

As usual, be careful with those pre-checked bloatware add-ons.
