All glitches can be exploited remotely, without authentication

Jul 17, 2014 07:14 GMT

Oracle rolled out a new set of updates for its products as part of the company's quarterly Critical Patch Update, and Java received no fewer than 20 security-related fixes, all of them for flaws that a potential attacker could exploit without needing to authenticate.

For users with Java 7 on their system, and this includes Windows XP machines, applying the latest patch brings the update number to 65. With Java 8, the update number is 11.

Although all 20 Java vulnerabilities carry a remote exploitation risk, only eight of them have been deemed more serious by the company, having been assigned a Common Vulnerability Scoring System (CVSS) score greater than 9.

Out of these, one vulnerability (CVE-2014-4227) has been given the top severity score of 10, meaning that exploiting it is far from complex and the impact is significant. It affects Java 8u5, 7u60 and 6u75.

Most of the severe flaws have been given a score of 9.3, as the complexity of leveraging them is not high. The network is the attack vector in all of these cases.

The entire Critical Patch Update contains a total of 113 fixes, for multiple Oracle product families; this means that they impact hundreds of products.

Users are advised to update their Java installation, if available on their systems, as soon as possible in order to mitigate the security risks.
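A quick way for administrators to check whether an installed Java is at or above the update levels named above (7u65, 8u11) is to parse the output of `java -version`. This is an added example, not code from the article or from Oracle; it assumes the `1.<major>.0_<update>` version string format that Java 6 through 8 print, and it treats Java 6 as unverified because the article names no patched level for it.

```python
import re
import subprocess

# Minimum update level per major version that carries the July 2014 CPU fixes,
# taken from the article: Java 7 Update 65 and Java 8 Update 11. Java 6 is
# only listed as affected (6u75), so no patched level is assumed for it.
PATCHED_UPDATE = {7: 65, 8: 11}

# Matches e.g. "1.7.0_60" or "1.8.0" inside a `java -version` banner.
_VERSION_RE = re.compile(r'1\.(?P<major>[678])\.0(?:_(?P<update>\d+))?')


def parse_java_version(text):
    """Return (major, update) from `java -version` output such as
    'java version "1.7.0_60"'. A missing update suffix counts as update 0."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised Java version string: {text!r}")
    return int(m.group("major")), int(m.group("update") or 0)


def needs_update(text):
    """Return (needs_patch, reason) for one `java -version` output line."""
    major, update = parse_java_version(text)
    required = PATCHED_UPDATE.get(major)
    if required is None:
        return True, f"Java {major}u{update}: no patched level known here, treat as unpatched"
    if update < required:
        return True, f"Java {major}u{update} is below {major}u{required}"
    return False, f"Java {major}u{update} is at or above {major}u{required}"


def check_installed_java():
    """Run `java -version` on this host (it prints to stderr) and evaluate it.
    Raises FileNotFoundError if no `java` binary is on the PATH."""
    proc = subprocess.run(["java", "-version"], capture_output=True, text=True)
    return needs_update(proc.stderr or proc.stdout)


if __name__ == "__main__":
    # Constructed sample banners, one per case; not captured from real hosts.
    samples = ['java version "1.7.0_60"', 'java version "1.8.0_11"',
               'java version "1.6.0_75"']
    for line in samples:
        flag, reason = needs_update(line)
        print("UPDATE" if flag else "OK    ", reason)
```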