Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Oracle releases 169 Updates, Including 19 Patches for JAVA Vulnerabilities


  • Please log in to reply
10 replies to this topic

#1 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,384 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:05:06 AM

Posted 21 January 2015 - 04:27 PM

 

Get Ready to update your Java program as Oracle has released its massive patch package for multiple security vulnerabilities in its software.
 
The United States software maker Oracle releases its security updates every three months on Tuesday, which it referred to as "Critical Patch Updates" (CPU). Yesterday, Oracle released its first quarterly CPU-date of this year, issuing a total of 169 security fixes for hundreds of its products including Java, Fusion Middleware, Enterprise Manager and MySQL.
 
The security update for Oracle’s popular browser plug-in Java addresses vulnerabilities in the software, 14 of which could be remotely exploitable without authentication, that means an attacker wouldn't need a username and password to exploit them over a network.

 

 

Oracle releases 169 Updates, Including 19 Patches for JAVA Vulnerabilities

 

 



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:06 PM

Posted 21 January 2015 - 05:06 PM

The Patch Man cometh again....


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 rp88

rp88

  • Members
  • 3,047 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:06 PM

Posted 21 January 2015 - 05:17 PM

What is it with tuesdays?
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:06 PM

Posted 21 January 2015 - 05:26 PM

What is it with tuesdays?


Normal people hate Mondays. Software developers hate Tuesdays? :P On a side note, time to update my Java SE and JDK right away.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:06 PM

Posted 21 January 2015 - 05:39 PM

As I generally advise folks...using Java is an unnecessary security risk...especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system.Although Java is commonly used in business environments and many VPN providers still use it, the average user does not need to install Java software.I recommend just uninstalling Java if you don't use it.If you're going to use Java, many security researchers and computer security organizations caution users to limit their usage and to disable Java Plug-ins or add-ons in your browsers.

If you need Java for a specific Web site, consider adopting a two-browser approach. If you normally browse the Web with Firefox, for example, consider disabling the Java plugin in Firefox, and then using an alternative browser (Chrome, IE9, Safari, etc.) with Java enabled to browse only the site(s) that require(s) it.

Krebs On Security: ...Java

To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates are available. As with any software, unnecessary features should be disabled or removed as appropriate for your environment.

US CERT: Disable Java in web browsers

* How to disable Java Plug-ins or add-ons in common web browsers .
* How to turn off Java on your browser
* QuickJava Firefox Addon
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:06 PM

Posted 21 January 2015 - 05:44 PM

I use Netbeans and I need to use Eclipse with Android SDK for my Android Dev. class this semester at school, so I'm stuck with it :P

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 rp88

rp88

  • Members
  • 3,047 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:06 PM

Posted 21 January 2015 - 05:57 PM

These are the links i would mention when this topic comes up:


http://www.howtogeek.com/122934/java-is-insecure-and-awful-its-time-to-disable-it-and-heres-how/?PageSpeed=noscript

http://www.howtogeek.com/134353/how-to-protect-yourself-from-java-security-problems-if-you-cant-uninstall-it/?PageSpeed=noscript

The thing with java is that thesedays very few sites actually use it so unless it is needed for a desktop program then it isn't something you are likely to need. A good principle of security is to reduce the number of plugins and add-ons in your browser to only those that you use as this helps minimize attack surface.

Edited by rp88, 21 January 2015 - 05:57 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:06 PM

Posted 21 January 2015 - 06:15 PM

QuickJava is a Firefox extension that allows you to easily and quickly enable/disable Java if you must use it.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:06 PM

Posted 21 January 2015 - 06:17 PM

I just tried to login to a website that I have to use for doing my Philo class at home this semester, and it tells me that I need Java :lol: Good job, website.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 Juliet

Juliet

  • Malware Response Team
  • 53 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:06 PM

Posted 22 January 2015 - 10:24 AM

Firefox and NoScript work well together.
MS - MVP Consumer Security 2009 - 2016, rMS-MVP 2017
Microsoft Windows Insider MVP 2016-2017

#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:06 PM

Posted 22 January 2015 - 11:56 AM

Firefox and NoScript work well together.


And for Google Chrome, ScriptSafe it is :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users