Saturday, October 26, 2013

Oracle Quarterly Patch Update Fixes 127 Security Bugs

Oracle has released a whopper of a critical patch update for October, with 127 security fixes across several of the company's products. Of these, 51 are fixes for Java SE, and all but one of those will allow remote exploitation of a computer without authentication. Oracle recommends the patch be applied as soon as possible, as many of the vulnerabilities cross product family lines, and its products are interdependent. However, the patch applies only to products whose licensees have premier support or extended support. Forty of the 51 Java vulnerabilities apply to client deployment of Java. Of these, one is exploitable only during the act of deploying Java clients; the rest apparently can be exploited on Java clients at other times. Eight of the Java flaws impact both client and server-side implementations. Of the remaining three, one applies to the Java Heap Analysis, and two apply to sites that run the Javadoc Tool as a Service.
