Oracle’s critical patch update includes 127 fixes across product line

Oracle has released its latest Critical Patch Update (CPU) and includes 127 security fixes across its product line, with 51 of them exclusively for Java application.

The update also includes fixes for other Oracle products including the E-Business Suite, MySQL and the Primavera Products Suite.

Out of the total 51 fixes for Java, 50 were intended for Java Applets and Java WebStart, which are used when users run applications in web browser.

About 12 of total vulnerabilities being patched can be exploited, while others can access a network without authentication.

Qualys CTO Wolfgang Kandek said that the majority of vulnerabilities are concentrated on desktop or laptop deployments, with the most common attack vector being web browsing and malicious web pages.

"The new version is Java 7 update 45, and you should update as quickly as possible on your desktop and laptop machines," Kandek said.

"Java 6 is also vulnerable to 11 of the 12 highly critical vulnerabilities, but there are no more public patches for Java 6.

"The recommended action for Java 6 here is to upgrade to Java 7 if possible. If you cannot upgrade, I would recommend to isolate the machine that needs Java 6 running and not use it for any other activities that connect it to the Internet, such as e-mail and browsing."

The remaining 76 flaws enable remote unauthenticated access for the hackers, which are critical on applications that are open to the internet.

Sign up for our regular news round-up!

Give your business an edge with our leading Tech Monitor

Sign up