Java 6 and 7 Updates Released by Oracle
Java security issues have been the talk of the town for a few months now. Oracle has been trying desperately to ensure that all the flaws have been fixed. On the 5th of March 2013, Oracle released yet another emergency update for Java, the third one in 2013. Oracle issued a statement with these emergency updates stating that most of the major security issues that were being exploited by cybercriminals have been fixed with these updates. If you are taking Java training classes, you might want to look into the impact these updates will have on Java programming in the foreseeable future.
Vulnerability Pertaining to 2D Component of Java SE Fixed
The two new updates that were released recently are update 43 for Java 6 and update 17 for Java 7. The main vulnerability addressed by these updates is identified as CVE-2013-1493; a related flaw, CVE-2013-0809, has also been patched.
Oracle's security advisory stated that the vulnerabilities affected the 2D component of Java SE, the one that is responsible for the rendering of images and handling of runtime graphics. This statement was also posted on the official Oracle blog by Oracle’s software security assurance director, Eric Maurice.
Vulnerability Can Be Exploited without Authentication
The blog post shed further light on the type of vulnerabilities that were fixed. It stated that the patched vulnerabilities could have been exploited by cybercriminals remotely over a secure network, without the need for a password or a username. The techniques that cybercriminals largely used included tricking unsuspecting users and redirecting them to a web page that contained code that could exploit the Java vulnerabilities. Maurice recommended that users apply the new updates on a priority basis to ensure that they are protected against these vulnerabilities.
Security Woes Continue for Java
Meanwhile, security woes continued to pile up for Oracle as a Polish firm detected even more vulnerabilities in Java, right after the latest updates were released. Security Explorations’ Adam Gowdiak announced that his security research firm found 5 additional vulnerabilities in Java that still need to be understood and removed, even after the latest updates were applied. It seems that attackers have found ways to use the new updates against Java and gain entry into networks without much effort. We have to wait and see how Oracle will respond to this, but as of now, Java is far from safe.
May says
These continued updates that they are doing to Java are getting to be a little annoying, to say the least. I am glad that they are finally getting these things repaired. Thank you for the information. I am thinking that they might actually have it fixed in the next few days; what are you thinking? You have done a great job with the blog, thank you.
Irma says
Hmmm. Three security updates in one year. While that does not sound like a lot to many persons who have used the content management system Joomla (which puts out about one security update per month), it may well be a lot for a large data management software development company such as Oracle. In any case, there are countless bait-and-switch type security breach attempts. You just need to be careful.