DV Hardware bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, ATi, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
June 20, 2013 
Main Menu

Home
Info
News archives
Links
Articles
Howto
Reviews
 

Who's Online
There are currently 86 people online.
 

Latest Reviews
Antec soundscience halo 6 LED bias lighting kit
Noctua NM-I3 SecuFirm2 Mounting Kit
Two months with Windows 8
Cooler Master Silencio 650
CM Storm QuickFire TK mechanical keyboard
Kingston HyperX 3K 240GB SSD
Sennheiser HD 555
ROCCAT Pyra Wireless mouse
 

RSS
RSS





 

Java update arrives early to squash 50 bugs

Posted on Monday, February 04 2013 @ 15:06:41 CET by


Java logo
Oracle surprises us with a new February 2013 Critical Patch update for Java that plugs a whopping 50 security bugs. Originally planned to be released next month, Oracle pulled the release of the update forward because one of the fixed vulnerabilities is exploited in the wild. The release addresses 44 vulnerabilities for the client version of Java, as well as one bug in the Java Runtime Environment installer, three bugs in the client and server deployment of Java, as well as two holes that only apply to the server deployment of the Java Secure Socket Extension (JSSSE). Full details can be read at Oracle's Blog.
Furthermore, to help mitigate the threat of malicious applets (Java exploits in internet browsers), Oracle has switched the Java security settings to “high” by default. The "high" security setting requires users to expressly authorize the execution of unsigned applets allowing a browser user to deny execution of a suspicious applet (where in the past a suspicious applet could execute "silently"). As a result, unsuspecting users visiting malicious web sites will be notified before an applet is run and will gain the ability to deny the execution of the potentially malicious applet. In addition, Oracle has recently introduced the ability for users to easily disable Java in their browsers through the Java Control Panel on Windows.

As stated at the beginning of this blog, Oracle decided to release this Critical Patch Update earlier than planned. After receiving reports of a vulnerability in the Java Runtime Environment (JRE) in desktop browsers, Oracle quickly confirmed these reports, and then proceeded with accelerating normal release testing around the upcoming Critical Patch Update distribution, which already contained a fix for the issue. Oracle felt that, releasing this Critical Patch Update two weeks ahead of our intended schedule, instead of releasing a one-off fix through a Security Alert, would be more effective in helping preserve the security posture of Java customers. The size of this Critical Patch Update, as well as its early publication, demonstrate Oracle’s intention to accelerate the release of Java fixes, particularly to help address the security worthiness of the Java Runtime Environment (JRE) in desktop browsers.



 


 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2013 DM Media Group bvba