L
LabZero
Thread author
- Content source
- https://threatpost.com/oracle-patches-java-zero-day/113792
Oracle has released its quarterly patch update, which includes fixes for nearly 200 vulnerabilities. The most notable bug fixed in this release is the Java zero day that’s been used in an ongoing attack campaign.
The massive release from Oracle has patches for a long list of products, but the Java vulnerabilities are the heart of the July update. There are more than two dozen patches for Java this quarter, at least one of which is being exploited actively.
“Also included in this Critical Patch Update are 25 fixes Oracle Java SE. 23 of these Java SE vulnerabilities are remotely exploitable without authentication. 16 of these Java SE fixes are for Java client-only, including one fix for the client installation of Java SE. 5 of the Java fixes are for client and server deployment. One fix is specific to the Mac platform,” Eric Maurice from Oracle said in a blog post.
Read more
The massive release from Oracle has patches for a long list of products, but the Java vulnerabilities are the heart of the July update. There are more than two dozen patches for Java this quarter, at least one of which is being exploited actively.
“Also included in this Critical Patch Update are 25 fixes Oracle Java SE. 23 of these Java SE vulnerabilities are remotely exploitable without authentication. 16 of these Java SE fixes are for Java client-only, including one fix for the client installation of Java SE. 5 of the Java fixes are for client and server deployment. One fix is specific to the Mac platform,” Eric Maurice from Oracle said in a blog post.
Read more
