Oracle update looks to end Java security saga, patching 42 flaws

Oracle is taking steps to reverse a torrid year for its computer platform Java, this week releasing a major security update that fixes as many as 42 vulnerabilities discovered in the programming language.

Oracle chief executive Hasan Rizvi has moved to reassure users by claiming the new patch covers the “vast majority” of the flaws rated as most critical, reports Reuters. Outlining a key change, Rizvi explained that in the default setting, sites will not be able to force small Java ‘applets’ to run in the browser unless they have been digitally signed.

While the update does not eradicate every identified problem, Rizvi says none of the unpatched flaws are currently being exploited.

Oracle, which acquired Java in 2010 as part of its Sun Microsystems buyout, will be hoping the release keeps Java out of the security headlines for an extended period of time, following a year of hacks and holes coming to light.

This has seen major organisations in both the public and private sectors shun the platform, including Apple’s decision to drop Java from its Mac OS last year and the US Department of Homeland Security's recommendation that users completely disable Java in their web browsers.

If the new patch still doesn’t convince you over the safety of using the programming language, be sure to consult our guide to disabling Java.