BUYER OF SUN MICROSYSTEMS Oracle has released another emergency patch to address serious vulnerabilities in Java.
The company has brought forward the release of the Java SE security update from 19 February to the start of the month, due to current concerns around holes in the system. The patch includes fixes for 50 vulnerabilities, including critical flaws that are being actively targeted in the wild. Oracle said that all but one of the patched vulnerabilities could be remotely exploited without user permission or interaction.
Oracle advised all users and administrators to download and install the updates as soon as possible due to the threat of online malware attacks targeting the flaw.
The update comes just weeks after Oracle was forced to release another out-of-band update for Java to plug security holes that were actively being exploited by attackers.
The release also comes as Oracle finds itself under fire from both security experts and fellow software vendors alike. Last week Apple said that it would not support existing versions of the Java browser plug-in on Mac OS X, opting instead to set the next version of Java as the minimum allowed installation.
Last month, security experts with the Sans Institute called on Oracle to overhaul its product development practices in order to build better security protections into Java and limit the impact of security vulnerabilities.
Other experts have advised users and administrators to disable Java entirely on their systems unless the component is absolutely necessary. µ