A recent critical patch update to Java Standard Edition (Java SE) fixed 14 security flaws.
“The vulnerabilities allow attackers to use specially crafted Java WebStart applications or web services in order to install malicious code on computers that run flawed versions of Java,” The H Security reports. “Oracle says that such flawed versions are particularly likely to exist on Windows computers because Windows users tend to have admin privileges. The risk is smaller under operating systems such as Linux and Solaris, the company added.”
“The holes, five of which are rated as maximum risk vulnerabilities, affect the JDK (Java Development Kit) and JRE (Java Runtime Environment) 7 Update 2, JDK and JRE 6 Update 30, JDK and JRE 5.0 Update 33, and SDK and JRE 1.4.2:35, and earlier releases of each,” the article states.
Go to “Java SE updates fix critical security holes” to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.