Critical Java SE update due Tuesday fixes 40 flaws

And yes, most are remotely exploitable


Thought your Java security woes were behind you? Think again. Oracle is planning to release a Critical Patch Update on Tuesday that affects multiple versions of Java, and it's another doozy.

According to Oracle's security announcement, the patch pack addresses 40 different vulnerabilities. All update levels of Java SE 5, 6, and 7 are affected by the flaws, as are all versions of JavaFX.

Of the 40 bugs, all but three are remotely exploitable over a network without the need for a username or password.

Yes, that's bad. Oracle ranks the severity of its flaws using the Common Vulnerability Scoring System (CVSS), and the top-ranked bug in this particular update rates a 10.0 – the highest possible score.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible," the database giant helpfully suggests.

Oracle ordinarily releases Critical Patch Updates four times a year on a set schedule, but this will already be the fourth such update issued in 2013. The first shipped on February 1, but Oracle reissued it later in the month with additional fixes. It also scheduled another, previously unplanned update for April.

Each of those earlier updates contained upward of 40 fixes, and each similarly addressed flaws that rated 10.0 on the CVSS severity scale.

Oracle has not yet disclosed which vulnerabilities will be patched by the June update, but previous Critical Patch Updates have patched vulnerabilities in a wide range of Java APIs and subsystems. These flaws could potentially affect a whole host of Java software and were not limited to programs running via the Java browser plugin, as has been the case with some previous Java exploits.

Oracle plans to release its latest Java SE Critical Patch Update on June 18, 2013. After that, the next update is currently scheduled for October 15. ®


Other stories you might like

  • Intel is running rings around AMD and Arm at the edge
    What will it take to loosen the x86 giant's edge stranglehold?

    Analysis Supermicro launched a wave of edge appliances using Intel's newly refreshed Xeon-D processors last week. The launch itself was nothing to write home about, but a thought occurred: with all the hype surrounding the outer reaches of computing that we call the edge, you'd think there would be more competition from chipmakers in this arena.

    So where are all the AMD and Arm-based edge appliances?

    A glance through the catalogs of the major OEMs – Dell, HPE, Lenovo, Inspur, Supermicro – returned plenty of results for AMD servers, but few, if any, validated for edge deployments. In fact, Supermicro was the only one of the five vendors that even offered an AMD-based edge appliance – which used an ageing Epyc processor. Hardly a great showing from AMD. Meanwhile, just one appliance from Inspur used an Arm-based chip from Nvidia.

    Continue reading
  • NASA's Psyche mission: 2022 launch is off after software arrives late
    Launch window slides into 2023 or 2024 for asteroid-probing project

    Sadly for NASA's mission to take samples from the asteroid Psyche, software problems mean the spacecraft is going to miss its 2022 launch window.

    The US space agency made the announcement on Friday: "Due to the late delivery of the spacecraft's flight software and testing equipment, NASA does not have sufficient time to complete the testing needed ahead of its remaining launch period this year, which ends on October 11."

    While it appears the software and testbeds are now working, there just isn't enough time to get everything done before a SpaceX Falcon Heavy sends the spacecraft to study a metallic-rich asteroid of the same name.

    Continue reading
  • Rise in Taiwanese energy prices may hit global chip production
    National provider considering cost increase of 8%, which could be passed on to tech customers

    Taiwan's state-owned energy company is looking to raise prices for industrial users, a move likely to impact chipmakers such as TSMC, which may well have a knock-on effect on the semiconductor supply chain.

    According to Bloomberg, the Taiwan Power Company, which produces electricity for the island nation, has proposed increasing electricity costs by at least 8 percent for industrial users, the first increase in four years.

    The power company has itself been hit by the rising costs of fuel, including the imported coal and natural gas it uses to generate electricity. At the same time, the country is experiencing record demand for power because of increasing industrial requirements and because of high temperatures driving the use of air conditioning, as reported by the local Taipei Times.

    Continue reading

Biting the hand that feeds IT © 1998–2022