Oracle released Critical Patch Update .
This patch update includes 40 security fixes and 37 of
which aimed at stopping attackers or hackers acessing software's remotely,
without having userid or password.
The majority of security fixes only affect client side.
This type of vulnerabilities are 34. According to Oracle's CVSS Rating Schema,
some of the flaws rate as typicle, that gets the highest rating of 10.
Four vulnerabilities are able to have their impact on
client and server, with the flaw reaches to CVSS score 7.5.
And one vulnerability also fixed in latest updates
affects the JAVA installer, but it can be exploited locally.
The last fix affects the Javadoc tool and any documents
created by any of Oracle's software.
In Javadoc
versions 1.5 or other versions after that, there is a vulnerability in Javadoc
created HTML files, which hosted on a web server, that allows hackers to
inject malicious frames into that web
page. which will makes visitors to redirect to other sites through web
browsers.
The security patch from oracle recently launches a new
tool-"Java API Documentation Updater Tool"- that will fix already
created and therefore vulnerable HTML files.
Oracle announces next date of launching the patches
updates to 15 October 2013 and 14 January next year.
No comments:
Post a Comment