Oracle published this information in a pre-announcement, and the fixes will be released as part of its Critical Patch Update (CPU) later today. The update is meant for all versions of Java that are currently supported, either publicly or contractually – JDK and JRE 7 Update 21 and earlier, JDK and JRE 6 Update 45 and earlier, and JDK and JRE 5.0 Update 45 and earlier. The CPU also includes fixes for JavaFX 2.2.21 and earlier.
Oracle has advised that the updates be applied as soon as possible after they are released to mitigate the risks arising from unpatched vulnerabilities. “Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible,” notes Oracle.
In general, if users are concerned about the barrage of vulnerabilities reported recently and are not in a position to update Java within their infrastructure, they should disable the Java plugin in their browsers, as it is the most common attack vector used to exploit these vulnerabilities. Users can refer to the guides provided by their browser vendors to disable the plugin.