Oracle is releasing a massive security update consisting of 147 patch batches. As reported by Computerworld, affected software includes products in the company's Fusion Middleware portfolio, PeopleSoft, the Solaris operating system and Java SE, among others.
Some visitors to Yahoo.com were infected with malware over the course of a few days, says Netherlands-based security firm Fox IT.
Despite significant improvements in recent months, vulnerabilities in Java continue to represent a major security risk for organizations, according to a new report by security vendor Bit9. Based on usage data collected from about a million enterprise endpoints owned by almost 400 organizations, the report attributed this to the use of outdated versions of Java.
Oracle is scheduled to release fixes for 40 security vulnerabilities in a Critical Patch Update for Java SE today.
Security vendor Websense believes it has uncovered the core problem behind the recent spate of high-profile attacks that exploited Java within browsers.
Fed up with the seemingly endless stream of security flaws discovered in Java? Despite efforts by Oracle to respond faster when resolving vulnerabilities that crop up on the Java platform, don't expect the problem to let up any time soon, according to security researchers and security vendors.
In the face of widespread attacks against a number of types of plug-in software, Brad Chacos of PC World did an experiment to see if it is possible to go without Java, Adobe Reader, and Flash--and their respective browser plug-ins.
Oracle has finally admitted to security issues with its Java web browser plug-ins, acknowledging in a blog post late last week that users may have been "frustrated with Oracle's relative silence on the issue."
Yet another security vulnerability has been discovered in Java, which means that recent changes to thwart drive-by attackers against web browsers can be circumvented. The somber warning was issued by Adam Gowdiak, CEO of Security Explorations, in a Sunday mailing list post.
Enterprises should instead be asking themselves: Why shouldn't Java be removed?