Java SE Fixes Critical Holes

Friday, February 17, 2012 @ 02:02 PM gHale

Oracle fixed 14 security holes in the Java Standard Edition (Java SE) with a critical patch update.

The vulnerabilities allow attackers to use specially crafted Java WebStart applications or web services in order to install malicious code on computers that run flawed versions of Java. Oracle said these flawed versions are likely to exist on Windows computers because Windows users tend to have admin privileges. The risk is smaller under operating systems such as Linux and Solaris, the company added.

RELATED STORIES
Black Hole Tool Kit Coming to Life
Fake Analytics Leads to Black Hole
Patch Out for McAfee Vulnerability
Security Tip: Scrap Java

The holes, five of which are maximum risk vulnerabilities, affect the JDK (Java Development Kit) and JRE (Java Runtime Environment) 7 Update 2, JDK and JRE 6 Update 30, JDK and JRE 5.0 Update 33, and SDK and JRE 1.4.2:35, and earlier releases of each. Versions older than JavaFX 2.0.2 are suffer from the issue.

Oracle closed the holes in Java SE 7 Update 3, Java SE 6 Update 31 and JavaFX 2.0.3. The updates are available for Windows, Linux and Solaris. Under Windows, the updates will install automatically via auto-update. Otherwise, users can download the patches from the Java download page and installed manually.

Oracle recommends users replace the flawed versions as soon as possible.



Leave a Reply

You must be logged in to post a comment.