Oracle has announced the release of a massive security patch for Java that addresses at least 51 identified security vulnerabilities. If you think this does not affect you, keep in mind that Oracle says 89 percent of desktops run Java in one form or another.
Oracle’s Security Patch
The updates in question include 50 vulnerabilities that can be exploited remotely, with 12 of them so severe that they could enable hackers to take control of operating systems (OS). In the advisory issued by Oracle, it urges those that have Java running on their devices to update as soon as possible. The advisory reads:
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply, CPU fixes as soon as possible...This Critical Patch Update contains 127 new security fixes (including 51 Java fixes) across [a range] of product families."
This current patch, which is available for Windows, Mac OS X and Linux, is for Java 7 only, but Oracle has also released updates for Java 6 and Java 5. These, however, are only available to those on extended customer support contracts as Oracle has already ended support for them.
Problems With Java
So how important are these patches? According to Wolfgang Kandek, CTO of vulnerability management firm Qualys, the holes were serious with 12 of them achieving a perfect 10s in the Common Vulnerability Scoring System (CVSS) vulnerability table, where 10 represents the most dangerous threats of all.
However, the majority of the problem applied to desktops or laptops, with two other severe vulnerabilities associated with server installations.
Learning Opportunities
Webinar
Mar
21
Ready to Level Up Your Learning? Discover Your Learning Maturity Score
Learn how to level up your learning program in this free, interactive workshop
Webinar
Mar
29
The CX Commute vs. the CX Joy Ride
Is your CX traffic holding up your customer's journey?
Webinar
Mar
29
Is Your Microsoft 365 Data Recoverable? How to Survive the IT Hotseat When Data is Lost
See why MIcrosoft recommends third party backup
Webinar
Mar
30
An Optimized Customer Contact Strategy Combines Transparency and Intelligence: The State of Outbound Communications
Learn from the Neustar-commissioned Forrester Consulting study on challenges and solutions for contact centers
Conference
May
10
CMSWire CONNECT Customer Experience Conference - Austin 2023
Don't miss the top customer experience and digital experience conference of the year — live in Austin, Texas May 10-12.
Conference
May
10
Reworked CONNECT Employee Experience & Digital Workplace Conference Austin 2023
North America's best employee experience and digital workplace conference of the year — live in Austin May 10-12, 2023.
Leaving that aside, from a user perspective, the problem with these vulnerabilities is that they left billions of devices vulnerable.In fact, according to Oracle, three billion devices worldwide run Java.
However, it is not always necessary to run Java. According to security blogger Brian Krebs - - remember he identified the Adobe security breach recently? - - many people have it running when they do not actually need to have at all:
If you really need and use Java for specific Web sites or applications, take a few minutes to update this software… Otherwise, seriously consider removing Java altogether...”
However, he warns against businesses doing this for business users as they may have legacy systems installed that need Java to function properly.
For the moment, though, the smart money is on installing the updates to protect your devices. If you want to download the patches, you can find them here.