Oracle releases new Java fixes, speeds up patching cycle - greenlyharsecy

Oracle released new Java security updates on Tuesday and announced plans to accelerate the release of future Coffee patches following recent attacks that have infected computers with malware by exploiting 0-day vulnerabilities in Coffee web browser plug-INS.

The new updates, Coffee 7 Update 15 and Coffee 6 Update 41, savoir-faire five additional vulnerabilities that couldn't embody included in the emergency Java update that Oracle released on Feb. 1 due to time constraints. At the sentence, Prophesier broke out of its scheduled 4-month Java patching cycle in lodg to patch a vulnerability that was existence actively exploited by hackers.

Four of the five vulnerabilities addressed in the Tues updates posterior be exploited through Java Web Start applications on desktops and Java applets in Internet browsers, Eric Maurice, Oracle's director of software assurance, said Tuesday in a blog put up.

Terzetto of those quartet vulnerabilities acceptable the highest rating on the Grassroots Exposure Rating system scale — 10 — which way they are critical and can be exploited to completely compromise the confidentiality, unity, and availability of systems where Java runs with administrator privileges, such as Windows XP. On systems where Java does non run with administrative privileges, such As Linux Oregon Solaris, the impact is lower, Maurice said.

The fifth vulnerability affects server deployments of the Java Secure Socket Annexe (JSSE) and stems from the Lucky 13 attack against SSL/TLS implementations that security researchers disclosed earlier this month.

Even though the new-sprung Java 6 Update 41 is available for download from Prophesier's website, it is not available from Java.com and must be obtained manually. The updating characteristic in Java 6 installations will command prompt users to download and establis Coffee 7 Update 15.

This was a plotted go up from Vaticinator, which previously announced along its websitethat it will "start auto-updating all Windows 32-tur users from JRE 6 to JRE 7 with the update release of Coffee, Java SE 7 Update 15 (Coffee SE 7u15), due in February 2022."

Oracle will hurry up its patching cycle for Coffee. "Oracle's intent is to continue to quicken the release of Coffee fixes, particularly to help address the security worthiness of the Java Runtime Surroundings (JRE) in screen background browsers," Maurice same.

The next scheduled Severe Patch Update for Java Atomic number 34 will be free on April 16, two months from immediately instead of cardinal, and will come at the same time as the Serious Patch Update for Oracle's not-Java products. The next Java bandage update after that is regular for June 18.