Yahoo Delivers Five-Year-Old Version of Java with SiteBuilder

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Krebs on Security's Brian Krebs recently noticed that Yahoo's free SiteBuilder tool is unfortunately bundled with Java 6 Update 7, which dates back to 2008.

"Oracle just released Java 6, Update 39, meaning that SiteBuilder installs a version of Java that includes hundreds of known, critical security vulnerabilities that can be used to remotely compromise host PCs," Krebs writes.

"It’s uncertain if Java 6 Update 7 is the only version on which the site builder app works, but that’s highly unlikely," writes Softpedia's Eduard Kovacs. "The more plausible scenario is that Yahoo! has simply forgotten to update the Java installer along with the application."

"Over the last several months, Oracle has shown that it’s trying to respond more quickly to critical security issues," writes Geek.com's Lee Mathews. "Unfortunately not everyone that’s offering up Java downloads has bothered to maintain the same pace."