Emergency Java Fix for 50 Flaws Released

Update 13 for Java 7 and Update 39 for Java 6 were released today by Oracle. The security update, which was originally scheduled for February 19, was pushed through today because the vulnerabilities in question were being actively exploited in the wild.

"After receiving reports of a vulnerability in the Java Runtime Environment (JRE) in desktop browsers, Oracle quickly confirmed these reports, and then proceeded with accelerating normal release testing around the upcoming Critical Patch Update distribution, which already contained a fix for the issue," said Oracle in the company's security update release blog. "Oracle felt that, releasing this Critical Patch Update two weeks ahead of our intended schedule, instead of releasing a one-off fix through a Security Alert, would be more effective in helping preserve the security posture of Java customers."

Today's security update addresses 50 security issues: 44 found in client deployments of Java, three in both client and server deployments of Java, two in the server-related Java Secure Socket Extension (JSSE) and one in the installation process of the Java Runtime Environment.

Breaking it down, that means all but the installation error can be remotely exploited if unpatched, and, according to Oracle's Java SE Risk Matrix, 35 of the flaws scored a 10.0 -- the highest severity score possible for vulnerabilities based on the ease of exploitation.

For those running Windows, it is recommended that you uninstall the earlier versions of Java before updating.

Apple took steps to protect its Mac OS users yesterday by "blacklisting" all current versions of Java. This means that the Java Web plugin will be disabled until an updated version of Java, which Apple distributes to Mac customers, is released.

Apple has yet to release information on when the updated version of Java will be available for Mac users.


About the Author

Chris Paoli is the site producer for and

