Slashdot Mirror

← Back to Stories (view on slashdot.org)

Oracle Fixes 42 Security Vulnerabilities In Java

Posted by samzenpus on from the patching-things-up dept.

wiredmikey writes "Oracle released its quarterly Critical Patch Update (CPU) for April, which addressed a whopping 128 security issues across multiple product families. As part of its update, Oracle released a Java SE Critical Patch Update to plug 42 security holes in Java, 19 with base CVE score of 10 (the highest you can go) and 39 related to the Java Web Start plugin which can be remotely exploited without authentication. According to security analyst Wade Williamson, organizations need to realize that Java will continue to pose a significant risk. 'The first step is for an organization to understand precisely where and why Java is needed,' Williamson wrote. 'Based on the rate of newly discovered vulnerabilities, security teams should assume that Java is and will continue to be vulnerable.' Organizations should to take a long, hard look at Java and answer for themselves if it's worth it, Williamson added. Due to the threat posed by a successful attack, Oracle is strongly recommending that organizations apply the security fixes as soon as possible."

4 of 211 comments (clear)

  1. Naive question by DoofusOfDeath · · Score: 5, Insightful

    What's the deal with people saying Java is a major source of insecurity?

    Does that mean compared to C++? Are they comparing (Java + all its libraries) to (C++ plus one instance of each library which is needed to match Java's standard libraries)? Insecurity of the JVM itself, compared to native object code?

    I honestly can't tell.

  2. Re:Repeat after me by viperidaenz · · Score: 5, Insightful

    yeah, it should read: 3 Java security vulnerabilities (2 are client only) and 39 Java Web Start vulnerabilities fixed.

  3. Re:You're using it wrong by StormReaver · · Score: 5, Insightful

    Leave Java on the server side and be done with it.

    Or learn to use Java properly on the client side, which means stop using it as a browser plugin. Java makes an excellent desktop application development platform, but an absolutely lousy browser plugin.

  4. Re:And this is where Oracle is failing... by symbolset · · Score: 5, Insightful

    Languages need to keep up with the times, or they become an albatross.

    Unless through being steeped in the art and basic principles and with an eye toward the future the authors built their language in such a way that it could be timeless art that stood for all time, like for example Brian Kernighan and Dennis Ritchie's "C".

    Go ahead and learn ALGOL, FORTRAN, BASIC, SNOBOL, APL, ADA, brainfuck, R, LISP and dozens of others like I did if that's your nerd thing. It's fun. After you've done that you'll come to the same conclusion I did: programming languages are syntactic sugar. They are constructs for interpreting your ideas into references to libraries that instantiate the desired result in predictable ways.

    C is. It stands like the Oedipus trilogy as a distillation of all prior art and a foundation of all subsequent art. It is beautiful and timeless in the same way. Learn this one thing and all else becomes easy. Unfortunately, like the Tau, it is not possible to really understand C until you don't need to do so any more. When you have learned enough about C to know why it is a fool's game you will have become ready to launch your own inferior language.

    --
    Help stamp out iliturcy.