Oracle’s patch updates just keep getting bigger. Just recently, the company released several patches affecting databases, networking components, OS, app servers, as well as Java and ERP systems, leaving IT administrators a number of tasks to deal with. Rumor has it that the updates will be a quarterly thing.
Why pay attention to Java updates?
Users who support Java applications should pay close attention to Oracle’s patch updates for one good reason: recently disclosed vulnerabilities in Java show that any application running on the current or older versions of Java products is at risk to remote attacks or exploitation.
Since Java 8 was released in 2014, the version has received 112 updates. Most recent patches include seven security updates that affect all version of Java 6, 7 and 8, and eight important security updates for Oracle’s WebLogic and GlassFish which are both supported by Java. The database expert is expected to release new patches regularly (every quarter) in order to combat the security threats.
In addition, Oracle released an advisory pertaining to administrator security. Windows administrators, in particular, are advised NOT to give higher privileges by default to their users, limiting the latter’s accessibility to Windows computers. It is a common scenario in Windows for users who run the Java applet or Java Web Start to have administrator privileges, pushing the CVSS scores for Java security flaws high.
“Users should only use the default Java Plug-in and Java Web Start from the latest JDK or JRE 8 releases,” Oracle said in its advisory.
In addition, the software company warned users fond of working around programs to avoid skipping patches. Oracle emphasizes that while it is possible to reduce risk by blocking network protocols or removing certain access or privileges, these do not address the real problem.
“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible,” said Oracle in the advisory.
Updating to Java’s latest version is not an option but a must if you want to take computer security seriously. Click here to know what you’ll get when you get the latest version now.
Every techie needs a pair of sick headphones. Neurogadget recommends these Audio Technica Professional Studio Monitor Headphones for both their quality and their cool-factor.