Posts Tagged: Common Vulnerability Scoring System


15
Jul 14

Java Update: Patch It or Pitch It

Oracle today released a security update for its Java platform that addresses at least 20 vulnerabilities in the software. Collectively, the bugs fixed in this update earned Oracle’s “critical” rating, meaning they can be exploited over a network without the need for a username and password. In short, if you have Java installed it is time to patch it or pitch it.

javamessThe latest update for Java 7 (the version most users will have installed) brings the program to Java 7 Update 65. Those who’ve chosen to upgrade to the newer, “feature release” version of Java — Java 8 — will find fixes available in Java 8 Update 11.

According to Oracle, at least 8 of the 20 security holes plugged in this release earned a Common Vulnerability Scoring System (CVSS) rating of 9.0 or higher (with 10 being the most severe). Oracle says vulnerabilities with 9.x CVSS score are those which can be easily exploited remotely and without authentication, and which result in the complete compromise of the host operating system. Continue reading →


16
Apr 14

Critical Java Update Plugs 37 Security Holes

Oracle has pushed a critical patch update for its Java SE platform that fixes at least 37 security vulnerabilities in the widely-installed program. Several of these flaws are so severe that they are likely to be exploited by malware or attackers in the days or weeks ahead. So — if you have Java installed — it is time to update (or to ditch the program once and for all).

javamessThe latest update for Java 7 (the version most users will have installed) brings the program to Java 7 Update 55. Those who’ve chosen to upgrade to the newer, “feature release” version of Java — Java 8 — will find fixes available in Java 8 Update 5 (Java 8 doesn’t work on Windows XP).

According to Oracle, at least four of the 37 security holes plugged in this release earned a Common Vulnerability Scoring System (CVSS) rating of 10.0 — the most severe possible. According to Oracle, vulnerabilities with a 10.0 CVSS score are those which can be easily exploited remotely and without authentication, and which result in the complete compromise of the host operating system. Continue reading →