Java mega-update plugs 29 critical security holes

Summary: According to Oracle, 28 of these vulnerabilities could be remotely exploitable without authentication (over a network without the need for a username and password).

TOPICS: Security, Oracle

Oracle has issued a massive Java SE and Java for Business update to fix 29 security vulnerabilities that could be exploited to take complete control of vulnerable computers.

According to Oracle, 28 of these vulnerabilities could be remotely exploitable without authentication (over a network without the need for a username and password). The patches are available for Windows, Linux and Solaris users. Apple's Mac OS X is also vulnerable but security updates for that operating system are usually delayed for several months.

According to Oracle's advisory, 15 of the 29 vulnerabilities carry the maximum 10.0 CVSS severity rating.

Due to the threat posed by a successful attack, Oracle strongly recommends that affected users apply the available patches "as soon as possible."

You can use this link to run a quick scan to determine whether the Java environment installation on your machine is up to date.

Windows users should be very careful when applying Java updates. The company has an annoying history of bundling third-party software (browser toolbars) that is pre-checked by default.

During the installation process, be sure to uncheck any boxes that install software that you don't need (see screenshot).


Talkback

12 comments
  • JAVA - Just Another Virus Application... Oracle please step on the JAVA Bug

    Do mankind a favor and step on the ugly java bug, it's such an odorous nasty thing!
    Reality Bites
    • Only after you step on...

      The ugly beast that is .net, or for that matter flash or [insert any development platform that people have an opinion on here].
      zkiwi
      • RE: Java mega-update plugs 29 critical security holes

        @zkiwi

        Agreed. If we 'stomped' on all the 'ugly' programs (in someone's opinion) we wouldn't have any software left.
        Lerianis10
  • RE: Java mega-update plugs 29 critical security holes

    Heh, a ZDNet blogger telling people not to install a Microsoft product and put a big screenshot of it instead of something more relevant like the Java detection site. No surprise there given ZDNet's bias and all.
    Loverock Davidson
    • RE: Java mega-update plugs 29 critical security holes

      @Loverock Davidson

      LD, get some new glasses, preferably ones without `rose colored lenses`.

      Please read more carefully:

      `You can use use this link to run a quick scan to determine whether the Java environment installation on your machine is up to date.`

      I found that as the fifth paragraph in the article. Oh, and BTW, using that link, I found out that the version I was using is out of date (version 6, update 18).
      fatman65535
      • RE: Java mega-update plugs 29 critical security holes

        @fatman65535
        Take your own advice and stop ignoring the giant picture they put in the blog of a Microsoft product and trying to tell us not to install it.
        Loverock Davidson
  • LOL

    Why would google steal this code LOL? Why would MS who is totally anti Java bundle their tool bar with Java?
    LarsDennert
  • Why steal the code

    @LarsDennert you're an idiot. If Microsoft is anti-Java, then what's J++? (Hint, it was a Microsoft product.) Furthermore, had Sun been more litigious .NET would've been squashed for patent infringement -- just ask Gosling.

    As to Google, sure, they "stole" the JVM. Well, actually, they reverse engineered it. That's not disputed.

    None of which has anything to do with some crap toolbar.

    -Thufir
    THUFIR.HAWAT
    • Hmmm....

      @THUFIR.HAWAT
      If I recall correctly, J++ was discontinued, and last included with Visual Studio 6.0. The .NET framework was being born at that time, around 2000. J++ basically became J# due to questionable practices of MS's deal with SUN for not implementing it as described by SUN Microsystems. J# is now being phased out as well due to declining usage and only available for support last with VS2005.

      Reference:
      http://msdn.microsoft.com/en-us/vjsharp/default.aspx
      ryanstrassburg
      • J++, J#, C#

        @ryanstrassburg you're probably correct in the specifics. To clarify my intended meaning: Microsoft isn't against VM's, .NET is a VM.
        THUFIR.HAWAT
  • Loverock Davidson

    You are Such a Troll! OMG you and Ye!! Are you brothers???
    stilesalaska