"In order to address efficiently such a large patch release with over 120 vulnerabilities, we recommend working in the following sequence: Java first, as it is the most attacked software in this release, then vulnerabilities on services that are exposed to the Internet, such as Weblogic, HTTP and others," Wolfgang Kandek, CTO of vulnerability management firm Qualys, said Tuesday in a blog post. However, Oracle discontinued public support for both Java 5 and 6, so these new security updates are only available to customers with extended support contracts. In addition to Java 7 Update 45, Oracle also released Java 6 Update 65 and Java 5 Update 55 that address the vulnerabilities that also apply to those older versions. Tables listing the exact number of vulnerabilities patched in each product, their severity score and the product versions they affect are included in Oracle's CPU advisory for October. In addition to these two vulnerabilities, two others that apply to Oracle Fusion Middleware also apply to database deployments. Fixing one of them requires customers to enable network encryption between their clients and servers if data is sent over untrusted networks, Eric Maurice, Oracle's director of software assurance, said in a blog post. Two vulnerabilities were addressed in the Oracle Database Server and both can be exploited remotely without authentication and can result in partial compromise of data confidentiality.
New zero-day Java exploit puts 1 billion PCs and Macs running OS X 10.The other 76 security fixes in this CPU that are not related to Java address vulnerabilities in the following Oracle product families: Oracle Database, Oracle Fusion Middleware, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite, Oracle Supply Chain Products Suite, Oracle PeopleSoft Enterprise, Oracle Siebel CRM, Oracle iLearning, Oracle industry Applications, Oracle FLEXCUBE, Oracle Primavera, Oracle and Sun Systems Products Suite, Oracle Linux and Virtualization and Oracle MySQL.
Department of Homeland Security warns of zero day threat – January 11, 2013Īpple makes OS X even more secure for Mac users by removing Java – October 19, 2012Īpple uninstalls Java applet plug-in from all web browsers – October 17, 2012 Oracle Corp to fix Java security flaw ‘shortly’ – January 12, 2013Īpple blocks OS X Java 7 plug-in as U.S. Oracle releases Java Version 7 Update 11 – January 14, 2013 Java 7 update 11 security patch fixes nothing users advised to disable Java – January 14, 2013
How to kill Java dead, dead, dead this outdated tech must be exterminated – January 15, 2013 Why fixing the Java flaw will take so long – January 16, 2013 employees hit by same hackers who targeted Facebook last week – February 19, 2013īad Java: Apple blocks Oracle’s latest Java version via OS X anti-malware system – January 31, 2013
Hackers’ attacks on Apple, Facebook, 40 other companies said to come from eastern Europe – February 20, 2013Īpple releases Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 13 – February 19, 2013 Oracle releases Java 7 Update 15 – February 20, 2013 New Java vulnerability is being exploited in the wild disable the plugin or change your security settings – March 1, 2013Īpple closes Java hack, and why it’s time to switch Java off for good – February 20, 2013 MacDailyNews Take: No wonder Sun’s defunct. Snow Leopard users will download Java for Mac OS X 10.6 Update 14, which delivers the same version of Java 6.” “This file updates Java SE 6 to 1.6.0_43, the latest version released by Oracle. “Lion and Mountain Lion users should download Java for OS X 2013-002,” Golson reports.
Somewhat confusingly, Apple delivers updates to Java 6, while Oracle delivers updates directly to Java 7 users,” Jordan Golson reports for MacRumors. “Apple has pushed a new release of Java 6 that fixes a new vulnerability discovered just a few days ago.