Critical Patch Update

Oracle released Critical Patch Update .

This patch update includes 40 security fixes and 37 of which aimed at stopping attackers or hackers acessing software's remotely, without having userid or password.

The majority of security fixes only affect client side. This type of vulnerabilities are 34. According to Oracle's CVSS Rating Schema, some of the flaws rate as typicle, that gets the highest rating of 10.

Four vulnerabilities are able to have their impact on client and server, with the flaw reaches to CVSS  score 7.5.

And one vulnerability also fixed in latest updates affects the JAVA installer, but it can be exploited locally.

The last fix affects the Javadoc tool and any documents created by any of Oracle's software.

 In Javadoc versions 1.5 or other versions after that, there is a vulnerability in Javadoc created HTML files, which hosted on a web server, that allows hackers to inject  malicious frames into that web page. which will makes visitors to redirect to other sites through web browsers.

The security patch from oracle recently launches a new tool-"Java API Documentation Updater Tool"- that will fix already created and therefore vulnerable HTML files.

Oracle announces next date of launching the patches updates to 15 October 2013 and 14 January next year.

Java interview questions

Q.1 What is the difference b/w abstract class and interface?
Ans. If a class is, abstract class then there must  be its subclass, and also, if a class is abstract then this does not mean that its method must be abstract.
In interface, methods are only declared but not defined. By the help of interface, multiple inheritance can also be achieved.

Q.2 What is the purpose of garbage collection in java?
Ans. The only purpose of garbage collection , is to avail the space by removing those resources which are not used from a long time and the space obtained by removing them, is used for other objects.
System.gc();

Q.3 Describe synchronization in respect to multithreading?
Ans. With respect to multithreading, In Java, synchronization is the capability to control the access of multiple threads to shared resources. In Java, without synchronization, it is possible for one thread to modify a shared variable while another thread is in the process of using or updating same shared variable. That normally leads to significant errors.

Q.4 What are pass by value and pass by reference?
Ans. In pass by reference the address of parameter or variable is passed while in pass by value , only copy of parameter or variable is passed. for ex:- in C and C++, Call by value and Call by reference.

Q.5 How can we use threads?
Ans. Threads could be used by implementing Runnable interface.
ex: public class Thread implements Runnable
{
Public void run()
{
System.out.println(“show is called”);
}
Public static void main(String args[])
{
//////////
}
}

Oracle TZUpdater tool

The senior director of Oracle ,in product management of Java platform group, Henrik Stahl a recent press conference announced that they removed the TimeZone Updater Tool on March 8 from Oracle Technology network.

The company told that this is due to maintenance and also noted that this tool was only for Oracle Java SE  customers. TZUpdater tool allows an Oracle JDK/JRE users to bind their installation with the most recent time zone data.Because of which, It becomes very difficult to keep Time Zone Updater tool,to update time to time, He said.