February update for Java SE Critical Patch addresses 50 security vulnerabilities, 44 affect the use of Java as a plug-in for web browsers, according to a blog posted Friday Oracle. If not properly patched, the plug-in could open the door for attackers to remotely execute code on a PC or Mac by directing users to malicious websites.
"The popularity of the Java Runtime Environment in desktop browsers, and the fact that Java in browsers is OS independent Java makes it an attractive target for hackers," Eric Maurice, director of Oracle Security Insurance Software, said in the blog.
Security experts have warned against holes in the Java Plug-in, some even suggest that users uninstall or disable Java until its safety can be enhanced.
Oracle has released a security update emergency Jan. 13. But this update has left some gaps still uncorrected, prompting Homeland Security recommend that users always disable Java.
Correction Friday was originally scheduled for February 19. But Oracle said it has decided to ramp up schedule after finding that one of the defects in the Java Runtime Environment has been actively exploited. The new update fixes this vulnerability specific and includes all patches updated January.
"Oracle has estimated that the publication of the Critical Patch Update two weeks ahead of our schedule, instead of releasing a point solution through a security alert, would be more effective in helping to preserve the state's security Java client, "Maurice noted.Oracle has also been criticized in the past for not properly protected or keep Java updated to protect against security breaches. Society has awarded custody of Java after the acquisition of Sun Microsystems in 2009.
Users already running Java must receive notice that an update is available.
The latest version can also be manually installed or updated page from the Oracle Java product. Java users can ensure that the latest version is active through the Oracle Java verification. FAQs on Java and its use is available online as well.
