Emergency Java Fix for 50 Flaws Released

Update 13 for Java 7 and Update 39 for Java 6 were released today by Oracle. The security update, which was originally scheduled for February 19, was pushed through today because the vulnerabilities in question were being actively exploited in the wild.

"After receiving reports of a vulnerability in the Java Runtime Environment (JRE) in desktop browsers, Oracle quickly confirmed these reports, and then proceeded with accelerating normal release testing around the upcoming Critical Patch Update distribution, which already contained a fix for the issue," said Oracle in the company's security update release blog. "Oracle felt that, releasing this Critical Patch Update two weeks ahead of our intended schedule, instead of releasing a one-off fix through a Security Alert, would be more effective in helping preserve the security posture of Java customers."

Today's security update addresses 50 security issues: 44 found in the client-deployed versions of Java, three in the client and server deployment of Java, two in the server-related Java Secure Socket Extension (JSSE) and one in the installation process of the Java Runtime Environment.

Breaking it down, that means all but the installation error can be remotely exploited if unpatched, and, according to Oracle's Java SE Risk Matrix, 35 of the flaws scored a 10.0 -- the highest severity score possible for vulnerabilities based on the ease of exploitation.

For those running Windows, it is recommended that you uninstall the earlier versions of Java before updating.

Apple took steps to protect its Mac OS users yesterday by "blacklisting" all current versions of Java. This means the Web plugin will be disabled until an updated version of Java, which Apple distributes to Mac customers, is released.

Apple has yet to release information on when the updated version of Java will be available for Mac users.


About the Author

Chris Paoli is the site producer for and

