Home arrow Java & J2EE arrow Oracle Java 6 Update Fixes Security Vulnerabilities

Oracle Java 6 Update Fixes Security Vulnerabilities

Oracle released Java 6 Update 26 on June 8. While the update was part of Oracle's regular schedule when it comes to Java releases, it was of particular importance due to the various security vulnerabilities it patched. In all, 17 remote execution vulnerabilities in Java were closed.

By: wubayou
Rating: starstarstarstarstar / 1
June 13, 2011

print this article



The 17 patched vulnerabilities were not only found in Java itself, but also in browser plugins.  According to Oracle, the vulnerabilities provided hackers an avenue to execute code on affected systems remotely and without authentication.  Nine of the holes were considered to be severe, earning risk ratings of 10 out of 10 in cases where Administrator accounts on Windows machines were affected.  Much of the severity of these ratings was due to the fact that hackers could essentially take control of the machines once in.  The browser-based Java Runtime Environment plugin was a focus of the update as well, as almost all of the vulnerabilities affected it.

Java 6 Update 26 can be downloaded by using the Java updater or by visiting www.java.com.  Downloading and installing the update will fix any issues installed locally as well as those affecting browser plugins.  At this moment, the update is only available for those using the Windows, Linux, and Solaris platforms.  Since Oracle does not provide Java for the OS X platform, Mac users will have to wait for Apple to fix the issues.  If the past is any indication, Apple should begin patching the problems soon, as it last fixed Java issues in its Leopard and Snow Leopard platforms in March, one month after Oracle did the same.  Apple users should see better patching coordination in the future, however, as Apple said that Java would be installed and patched directly through the Oracle site once Mac OS X Lion 10.7 is released.

It's really no mystery as to why hackers seem to focus so heavily on Java.  The program's widespread existence makes it a target worthy of hackers' efforts.  As reported by Symantec's Internet Security Threat Report released in April, Java is installed on over 850 million computers across the globe, and it was responsible for 17 percent of browser plugin vulnerabilities in 2010.  Java combines with Adobe Reader and Internet Explorer to form a trio of the most frequently attacked programs, making it essential for users to perform regular updates.

Oracle recommends that users download the latest Java update as soon as possible to avoid the threat of any attacks.  This goes for users on all platforms, not just Windows.  In a post on the NakedSecurity blog, Chester Wisniewski, a senior security advisor at Sophos, wrote the following: “We have seen great success among attackers using flaws in Java to exploit Windows computers, but also a broader experimentation with building malware that will run on Mac and Linux.”

While some believe that Java is unnecessary and should be uninstalled, it is still used in various instances.  Some banking websites, Vmware products, and the popular OpenOffice.org productivity suite use Java.  Thus, many recommend that you keep the program installed on your computer, remembering to update it on a regular basis.

>>> More Java & J2EE Articles          >>> More By wubayou

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- More Java Bugs Lead to More Attacks
- Oracle's Java One Brings News, Surprises
- Oracle Patches Java Runtime Environment
- Apple Syncs Java Update with Oracle
- Spring 3.1 Java Development Framework Compat...
- Jelastic Java PaaS Availability and Pricing ...
- NetBeans 7.1 Released, Supports JavaFX 2
- SolarWinds Releases Newest Version of Java M...
- Free Monitoring Tool for Java Apps on Heroku
- Heroku Adds JCloud Platform Support, Java 7 ...
- Java SE 8 Speculation in Full Swing
- Java SE 7 Now Available
- New JVM Language and Java Reporting Tool
- Java 7 Release Update and New Eclipse Toolkit
- The Best Java Netbeans IDE Plugins

Developer Shed Affiliates


Dev Shed Tutorial Topics: