Get ready to update your Java program, as Oracle has released a massive patch package addressing multiple security vulnerabilities in its software.
The United States software maker Oracle releases its security updates every three months on a Tuesday, and refers to them as "Critical Patch Updates" (CPU). Yesterday, Oracle released its first quarterly CPU of this year, issuing a total of 169 security fixes for hundreds of its products including Java, Fusion Middleware, Enterprise Manager and MySQL.
The security update for Oracle’s popular browser plug-in Java addresses vulnerabilities in the software, 14 of which could be remotely exploitable without authentication, meaning an attacker wouldn't need a username and password to exploit them over a network.
Four Java flaws were marked most severe and received a score of 10.0 on the Common Vulnerability Scoring System (CVSS), the most critical ranking. Nine other Java flaws were given a CVSS Base Score of 6.0 or higher.
"Oracle has received specific reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply these Oracle patches," Oracle said in a pre-releaseannouncement. "Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay."
The other flaws rated most severe, with a CVSS base score of 10.0, affect the Fujitsu M10-1, M10-4 and M10-4S Servers of the Oracle Sun Systems Products Suite.