Oracle plugs 21 dangerous Sun Java security holes


nsane.forums

Oracle today issued a security alert to warn about 21 security holes in its widely deployed Java SE and Java for Business products and warned that the flaws are dangerous enough to expose users to remote code execution attacks.

Oracle said the most severe CVSS Base Score for vulnerabilities fixed in this Java patch batch is 10.0, the highest severity rating.

Out of these 21 vulnerabilities, 13 affect Java client deployments. 12 of these 13 vulnerabilities can be exploited through Untrusted Java Web Start applications and Untrusted Java Applets, which run in the Java sandbox with limited privileges. One of these 13 vulnerabilities can be exploited by running a standalone application.

According to the advisory, 3 of the 21 vulnerabilities affect client and server deployments and can be exploited through Untrusted Java Web Start applications and Untrusted Java Applets, as well as be exploited by supplying malicious data to APIs in the specified components, such as, for example, through a web service.

Because of the severity of the vulnerabilities in this Java update, Oracle recommends that Java customers apply it “as soon as possible.”

As usual, be careful with those pre-checked bloatware add-ons.
