[ISN] Oracle slaps critical patch on insecure Java

http://www.theregister.co.uk/2013/04/17/oracle_java_security_update/ By Jack Clark in San Francisco The Register 17th April 2013 Oracle has issued a critical update patch for Java as the database giant works to shore up confidence in the widely used code. The security update fixes 42 security flaws, 19 of which merit a 10 (most severe) rating acording to the CVVS metric the company uses to evaluate the software. Along with this, Oracle has also sought to give users more information about the Java apps that want to execute code within the browser. The patch comes at a time when many security pros are questioning the value of Java, with many seeing its presence in user’s browsers as a liability rather than a benefit. Of the 42 security flaws patched by Oracle in April, 39 of them “may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password,” Oracle wrote in the patch notes. […] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org