Oracle Releases Critical Patch Update for Java SE

Oracle Releases Critical Patch Update for Java SE

Oracle has been receiving a lot of backlash recently about Java security and vulnerability and has pushed out several patches recently. In one more release, Eric Maurice announced on Oracle blogs another release of a critical patch.

As a matter of fact, this release came out earlier than expected. From the blog:

The original Critical Patch Update for Java SE was scheduled on February 19th, but Oracle decided to accelerate the release of this Critical Patch Update because active exploitation “in the wild” of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers, was addressed with this Critical Patch Update.

In addition to a number of security in-depth fixes, the February 2013 Critical Patch Update for Java SE contains fixes for 50 security vulnerabilities.  44 of these vulnerabilities only affect client deployment of Java (e.g., Java in Internet browsers).  In other words, these vulnerabilities can only be exploited on desktops through Java Web Start applications or Java applets.  In addition, one vulnerability affects the installation process of client deployment of Java (i.e. installation of the Java Runtime Environment on desktops).  Note also that this Critical Patch Update includes the fixes that were previously released through Security Alert CVE-2013-0422.

Next Recommended Reading Oracle Releases Java SE 7