Thursday, October 02, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Facebook To Change Real-name Policy
CEA Outlines Five Technology Trends In Consumer Technology
Apple CarPlay Update Now Available with Firmware for Pioneer NEX In-Dash Receiver Models
Philips to Appeal $467 Million Patent Infringement Lawsuit
Rovio to Slash 130 Jobs
Toshiba Offers Ultra-small e-MMC Embedded NAND Flash Memory Products
ARM and TSMC Unveil Roadmap for 64-bit ARM-based Processors on 10FinFET Process
LG Brings Its Ultra HD 4K OLED TV To The U.S.
Active Discussions
Yamaha CRW-F1UX
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
 Home > News > General Computing > Oracle ...
Last 7 Days News : SU MO TU WE TH FR SA All News

Saturday, February 02, 2013
Oracle Releases Critical Patch Update for Java SE


Oracle released the February 2013 Critical Patch Update for Java SE earlier than scheduled as an active exploitation of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers has been widely reported.

The original Critical Patch Update for Java SE was scheduled on February 19th.

In addition to a number of security fixes, the February 2013 Critical Patch Update for Java SE contains fixes for 50 security vulnerabilities. 44 of these vulnerabilities only affect client deployment of Java (e.g., Java in Internet browsers). In other words, these vulnerabilities can only be exploited on desktops through Java Web Start applications or Java applets. In addition, one vulnerability affects the installation process of client deployment of Java (i.e. installation of the Java Runtime Environment on desktops).

3 of the vulnerabilities fixed in this Critical Patch Update apply to client and server deployment of Java; that means that these vulnerabilities can be exploited on desktops through Java Web Start and Java applets in Browser, or in servers, by supplying malicious input to APIs in the vulnerable server components. In some instances, the exploitation scenario of this kind of bugs on servers is very improbable; for example, one of these vulnerabilities can only be exploited against a server in the unlikely scenario that the server was allowed to process image files from an untrusted source.

Finally, 2 of the vulnerabilities fixed in this Critical Patch Update only apply to server deployment of the Java Secure Socket Extension (JSSE).

Furthermore, to help mitigate the threat of malicious applets (Java exploits in internet browsers), Oracle has switched the Java security settings to "high" by default. The "high" security setting requires users to expressly authorize the execution of unsigned applets allowing a browser user to deny execution of a suspicious applet (where in the past a suspicious applet could execute "silently"). As a result, unsuspecting users visiting malicious web sites will be notified before an applet is run and will gain the ability to deny the execution of the potentially malicious applet. In addition, Oracle has recently introduced the ability for users to disable Java in their browsers through the Java Control Panel on Windows.

For more information read the advisory for the February 2013 Critical Patch Update is located at http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html


Previous
Next
X-Phone Job Online Post Feed Rumor Mill        All News        Twitter Says Hackers Accessed Data Of 250K Users
Toshiba Develops High Speed NANO FLASH-100 Flash Memory for ARM Microcontrollers     General Computing News      Twitter Says Hackers Accessed Data Of 250K Users

Get RSS feed Easy Print E-Mail this Message

Related News
Oracle's Ellison Steps Down
Oracle To Buy Micros Systems
Oracle Accelerates Its Databases
Oracle Wins Appeal In Legal Battle With Google
Microsoft Retains No. 1 Spot; Oracle Moves Into No. 2 In Global Software Market
Oracle Buys Responsys For $1.5 billion
IBM, Oracle, EMC To Face China Probe Over Security Concerns: report
ARM and Oracle to Optimize Java SE for Enterprise and Embedded Markets
Microsoft and Oracle Team Up On Cloud Computing
Oracle Unveils Faster Servers
New Emergency Fix Releaseed For Java zero-day Exploit Released
New Critical Patch For Java SE Released

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .