Two dozen leaks with the highest risk rating resolves Oracle with a current Update. Users recommends Oracle to install the update immediately.
Oracle released a security update for Java SE. In order for the provider resolves a total of 25 security holes. Among the resolved security leaks also a vulnerability, which, according to Trend Micro since July known and used by hackers as part of Operation Pawn Storm, among other things, for attacks on NATO and the US government, was used it is.
Without Click-to-Play, it is possible, Java Applets, or Java Web Start applications without the user’s Knowledge, as Trend Micro and more. In conjunction with another vulnerability of the error, Drive-by-Downloads, so the introduction of malicious code without interaction with a user to allow it.
The case shows how important it is to check the new security features of such a complex system such as Java, exactly, said Trend Micro. Only in this way could be to ensure that existing “would not be compromised good” functions.
24 of the 25 disposed leave vulnerabilities, Oracle, according to remotely and without authentication to exploit. Four gaps have the highest risk rating 10 out of 10, and a further a base value of 9.3.
Affected users, Oracle recommends the latest Version of the Java Software from the site of the Oracle download. Users of Java 8 Update 65 require, which stands for Windows, Mac OS X, Solaris, and Linux. An Update for Java 7 only for customers who have purchased Java Support or an Oracle product use, requires Java 7.
In addition, Oracle has released its October patch Tuesday Updates for products, such as a database, Fusion Middleware, Hyperion, Enterprise Manager, PeopleSoft Enterprise, Siebel CRM, and MySQL. For a further 129 stuck vulnerabilities, the Oracle also as a critical scaling.