Oracle has been receiving a lot of backlash recently over Java security
vulnerabilities and has pushed out several patches. Eric Maurice has now
announced another Critical Patch Update on the Oracle blogs.
As a matter of fact, this release came out earlier than expected. From the blog:
The original Critical Patch Update for Java SE was scheduled
on February 19th, but Oracle decided to accelerate the release of this Critical
Patch Update because active exploitation “in the wild” of one of the
vulnerabilities affecting the Java Runtime Environment (JRE) in desktop
browsers, was addressed with this Critical Patch Update.
In addition to a number of security in-depth fixes, the
February 2013 Critical Patch Update for Java SE contains fixes for 50 security
vulnerabilities. 44 of these
vulnerabilities only affect client deployment of Java (e.g., Java in Internet
browsers). In other words, these
vulnerabilities can only be exploited on desktops through Java Web Start applications
or Java applets. In addition, one
vulnerability affects the installation process of client deployment of Java
(i.e. installation of the Java Runtime Environment on desktops). Note also that this Critical Patch Update
includes the fixes that were previously released through Security Alert
CVE-2013-0422.