
Oracle releases massive security patch for Java

Oracle has released a large security patch for Java, which closes 51 separate loopholes that hackers commonly exploit to take control of machines.

In the advisory for the update, the company advises users that: "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible." The update is one in a series that have come this year, after Milton Smith, Java security lead at Oracle, promised to "fix Java" in January.

Java is one of the most popular programming languages in use today, with over nine million developers. Its popularity is largely due to its compatibility with a huge variety of different platforms. The language is intended to let application developers "write once, run anywhere," meaning code that runs on one platform does not need to be recompiled to run on another.

However, Java applets are also one of the most common delivery systems for malware, which could include rootkits, Trojans, keyloggers and RATs, and could potentially fold a user's PC into a massive worldwide botnet.

Twelve of the security vulnerabilities patched in the update have been given a Common Vulnerability Scoring System (CVSS) score of 10, indicating that they can be used to seize full control of an attacked machine without requiring any authentication.

Java has long been plagued by severe security problems, and Apple dropped the language last year over security concerns.

In January, security experts recommended that computer users should disable or uninstall Java following the discovery of a previously unknown Java exploit that could allow hackers to take control of vulnerable computers.

Java runs on over three billion devices worldwide, and is used in some form by 89 per cent of desktops. This success has also been a curse for its developers, as the programming language's ubiquity makes Java a favourite target of hackers and those seeking to exploit vulnerable machines.

Some security advisors have long urged users to uninstall Java if they do not need it on an everyday basis.