Posts Tagged ‘Oracle’

Oracle has acknowledged the recent security problems with Java and plans to implement several new features, at least three, to address such incidents.

According to the corporation, the quarterly Oracle Critical Patch Update will be released in October 2013. This patch usually includes fixes for all products at the same time, which will not solve the problem of so-called “zero-day” vulnerabilities. However, some modification of code fragments will most likely help to quickly eliminate other potential vulnerabilities in Java for portable workstations and servers.

Oracle has released Java SE 7 Update 21: elimination of 45 vulnerabilities, and support for ARM

Oracle Corporation has published the scheduled corrective release Java SE 7 Update 21, which fixes 42 security problems and introduces a number of improvements intended to increase security. In addition, despite the decision to end public updates for Java SE 6, Java SE 6 Update 45 has been published with fixes for 25 vulnerabilities, as this branch is still actively used.

Nineteen vulnerabilities are assigned the highest level of risk (CVSS score 10.0), implying the possibility of escaping the isolated virtual machine environment and executing code on the system when specially crafted content is processed. All of the vulnerabilities are present in the JRE.

The new version of the February 2013 Critical Patch Update will include additional fixes.

The Java updates that Oracle released on February 1 of this year did not, as it turned out, remove all of the vulnerabilities. For this reason, a new update will be issued on February 19, as previously planned.

Because exploits for Java vulnerabilities were discovered, updates were released quickly and off schedule. Company expert Eric Maurice wrote in a blog post: “Oracle plans to release the February version of critical updates on the originally scheduled date.”

Since August 2012, when the first reports appeared that vulnerabilities in Java were being extensively used by malicious websites, Oracle has been struggling to regain the trust of users.

Less than a day after Oracle developers fixed a dangerous flaw in Java that allowed remote compromise of a target system running Windows, sales of an exploit for the next zero-day vulnerability in the platform began on underground Internet forums.

According to KrebsOnSecurity, one of the administrators of a hacker site, whose name was not disclosed, posted a message saying he is willing to sell the source code of an exploit for two zero-day vulnerabilities in Java at once. The software is to go to the first two customers for $5K.

The report also noted that these flaws are present in Java 7 Update 11 and have not yet been included in any of the hacking tools offered online. According to the publication, the first sale was made shortly after the advertisement was posted.

Experts advise all companies to disable Java on the computers of all employees.

Oracle released an emergency update to its Java software over the weekend, which was supposed to fix the main IT security flaw in the software. However, experts say that the update does not work. The update was released after the Department of Homeland Security urged PC users to disable Java on their devices because of the vulnerability.

The discovered vulnerability is being exploited for identity theft and other crimes, according to representatives of the Department of Homeland Security.

Adam Gowdiak, an information security researcher from Poland who discovered several vulnerabilities in Java last year, said the update from Oracle does not fix all of the existing flaws.

Currently, some information security companies advise businesses to remove Java from the browsers of all employees.

Because of the high level of risk and the discussion in the IT industry, Oracle released a fix a few hours ago for Java 7, in which a serious vulnerability was previously found that allows malicious files onto your computer.

The company intends to release its quarterly patch set tomorrow, which will fix 86 vulnerabilities, but the Java vulnerability in question was particularly well publicized and malware based on it has appeared, which forced Oracle to release a fix as soon as possible.

Since Friday, this vulnerability, CVE-2013-0422, has been included in a couple of the most popular vulnerability testing systems, and sites using this vulnerability have already appeared on the Internet.

At the same time as the release of Oracle Java 7 Update 11, a blog post by Eric Maurice appeared, saying that Oracle urges users to install the updated version as soon as possible. He also noted that there are at least a couple of different Java applets on the Internet that are used on compromised websites.

Multiple vulnerabilities in Oracle WebCenter Sites

Danger: Middle
Patch: Yes
Number of vulnerabilities: 5

Impact: Disclosure of sensitive data
Unauthorized manipulation of data

Affected Products:

  • Oracle WebCenter Sites 11.x
  • Oracle WebCenter Sites 6.x
  • Oracle WebCenter Sites 7.x

Affected versions: Oracle WebCenter Sites versions 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2 and 11.1.1.6.0.

Security fixes affect 10 products, including a new version of Java.

Oracle has released the final version of its quarterly update, which fixes 10 vulnerabilities in the 109 products of the company. This release of patches coincided with the release of a new version of Java, in which 30 holes were fixed.

Most experts attach great importance to this update because, over the past few years, vulnerabilities in Java have become the most popular with hackers and virus writers.

Among the many updates, Wolfgang Kandek, technical director of Qualys (which specializes in cloud security), singled out the patches for Solaris and MySQL as a top priority. According to him, they are the most important for servers connected to the Internet.

The company posted a pre-release announcement of future updates that will affect “hundreds of its products.”

Oracle has announced the development of the next service pack and hotfixes (Critical Patch Update, CPU), which is scheduled for October 16 this year.

According to the company, the package will contain 109 patches for critical vulnerabilities found in some products.

While preparing the update in August of this year, Oracle devoted almost all of its efforts to addressing a zero-day vulnerability found in Java components. As a result, a number of flaws remain unresolved in the developer's other products.

Oracle Corporation is one of the largest U.S. companies, a developer of database management systems, database development tools, and ERP systems. It dates back to 1977 and has branches in more than 145 countries around the world.

For thirty years, Oracle Corporation has been the largest producer of business software, offering applications and services that enable organizations to derive maximum advantage from the most current and accurate information provided by their business systems.

The corporation's software falls into three main product families: the Oracle Database database management system, the Oracle Fusion Middleware suite of middleware, and the Oracle Applications family of full-featured business applications. Oracle Corporation provides its products and services in the areas of consulting, training and support in more than 145 countries worldwide.