Oracle Fixes 17 Java Vulnerabilities In Critical Patch Update

By Author: eccuni
Total Articles: 211
Comment this article

The latest Java critical update by Oracle mitigates 17 security vulnerabilities. Out of them, five are associated with client and server deployments of Java Standard Edition (SE), eleven only pertain to client deployments, and one relates to server deployments of Java SE. Nine of the vulnerabilities score 10 as per Oracle’s Common Vulnerability Scoring System (CVSS), while three score 7.6, four others score 5.0 and one scores 2.6. The vulnerabilities allow attackers to execute remote code, without any authentication over a network. Attackers may exploit the vulnerabilities through untrusted Java web start applications, and Java applets. They may also exploit the security flaws by supplying data to Application Programming Interfaces (APIs) without making use of Java start applications, and applets. Users with administrative privileges such as on Windows are more susceptible to the security vulnerabilities. For users not running Java applications with administrative privileges such as on Solaris and Linux, the vulnerability score stands at 7.5 for vulnerabilities rated as 10 as per Oracle’s CVSS. The vulnerabilities affect ...
... JDK, JRE 6 Update 25 and prior versions, JDK 5.0 update 29 and prior, SDK 1.4.2_31 and prior versions.

While rating vulnerabilities, Oracle takes into account prerequisites for exploitation, ease of exploit, and the impact of attack on integrity, availability and confidentiality. The vendor then converts the information into scores ranging from zero and ten, wherein the latter signifies highest severity.

Oracle’s issues cumulative critical patch updates for Java SE in the months of February, June, and October. Java applications are increasingly becoming targets of cybercriminals. Attackers try to take advantage of the time lag between security update and its implementation by the users. Users must immediately install the security updates to avoid exploitation of the security flaws.

Professionals qualified in IT masters degree may enable organizations to identify, prioritize and apply requisite security updates. Prioritization of security updates is crucial to safeguard organizational systems and networks from sophisticated attacks of cybercriminals. Unauthorized access to privileged databases, may adversely impact business interests, and lead to financial and strategic losses.

Software products are susceptible to vulnerabilities due to programming errors, and use in different security environments. Attackers constantly research and evolve their attack techniques to breach security of software products and applications.

Developers must constantly evaluate software products to identify weaknesses and security flaws. Testing products under different environments may allow developers to make proper assessment of security threats. Online technology degree programs may facilitate IT professionals in keeping themselves abreast of latest developments, and devise improved security mechanisms.

Organizations must update employees on latest security threats, preventive measures, security practices, and incident reporting. They must also sensitize employees on the consequences of lax security practices on organization, personnel, customers, and other stakeholders. Employees may abreast themselves of security fundamentals and threats through online computer degree courses, e-learning programs, and online tutorials. Adherence to security updates and alerts by vendors, and IT security firms may help in fostering security conscious culture in organizations, and improve defenses against varied forms of security threats emanating in the Internet environment.