Have you already updated Java to the latest version? If you haven’t done it yet, you might want to do it immediately. In an advisory of sorts, Oracle “strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay”. Apparently, there are vulnerabilities in the program that are being exploited. In plain English, Java is no longer as safe, and needs to be updated.
The Critical Patch Update (CPU) that Oracle released in the last quarter was designed to fix a total of 253 security vulnerabilities, making it the second-largest set of fixes the company has ever rolled out. It was 23 patches short of July’s CPU. 8 of the security updates were for the Java EE-based WebLogic and GlassFish application servers, while 7 of them were for Java SE 6, 7 and 8.
What vulnerabilities in the Java Platform were addressed?
- Vulnerabilities that can be remotely exploited over a network, without the need for authentication. Because no login credentials are needed, it is easier for threat actors to exploit the platform and compromise Oracle products and services, such as Oracle Web Services, Oracle Big Data Discovery, WebLogic or Oracle Commerce, over HTTP.
- There were vulnerabilities that earned a score of 9.6 out of 10.0 on the Common Vulnerability Scoring System (CVSS) that Oracle uses, which pretty much says a lot about the severity of the security hole. If found in all 76 of the company’s products, serious damage control could be required.
- There were vulnerabilities found in Oracle’s middleware products, such as the Oracle Database Server (2), MySQL database (31), Sun Systems suite (16), and the Oracle Linux and virtualization products (13).
“Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches.”
With this kind of advisory from Oracle, it’s best that you listen and update.
Learn more about what you’ll get from the latest version of Java.