PRODUCTS

Get ready! Oracle to fix 40 holes in Java

There’s definitely an update coming next Tuesday, 18 June 2013, and you might as well get ready for it now if you haven’t already. The details of what will be fixed aren’t a matter of public record yet, so we can’t spell them out for you in detail. Nevertheless, Oracle has published a very brief pre-announcement to remind us of the importance of this month’s fixes. The good news is that lots of security vulnerabilities have been repaired – 40 in total, of which all but three are RCEs, or remote code execution holes.

That’s where untrusted content sent over the network might be able to trick Java into performing operations that really ought to be limited to already-installed, trusted code. In short, an RCE means that you could get infected by malware simply by looking around online, without explicitly downloading, authorising or even noticing the malware being installed.

Java2

There are two handy ways to reduce this RCE risk:

·    Apply Oracle’s patches as soon as practicable. You can turn on fully-automatic updating if you like.
·    Turn off Java in your browser, so that web-based Java applets can’t run at all.

Click here to see the original article.