It’s time to update Java: Oracle has released a massive patch package for multiple security vulnerabilities.
The United States software maker Oracle releases security updates every three months, which it refers to as "Critical Patch Updates" (CPU). Yesterday, Oracle released its second CPU of this year, providing important updates that cover a total of 104 vulnerabilities, the company has announced.
Of these, 37 security vulnerabilities affect Java SE, and several of the flaws are serious enough that they can be exploited remotely by malware to gain system access and execute arbitrary code with the privileges of a local user.
Successful exploitation also allows an attacker to manipulate certain local data on a system and to cause a denial of service (DoS) without authentication credentials, which means the flaws can be exploited over a network, without a username and password, to crash an application or an entire system.
In the latest update, the vulnerabilities have been fixed in the current version, "Java SE 8 Update 5", and in the newer release "Java SE 7 Update 55".
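A check an administrator could run against the fixed releases named above, as an added example that is not part of the original article: it parses `java -version` banners in the legacy `1.<family>.0_<update>` format and compares them with Java SE 7 Update 55 and Java SE 8 Update 5. The function names and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed update levels named in the article, keyed by Java SE family.
# Families the article does not mention are deliberately absent.
FIXED_UPDATE = {7: 55, 8: 5}

# Matches the legacy "1.<family>.0[_<update>]" scheme used by Java 7 and 8,
# e.g. 'java version "1.7.0_51"' or 'java version "1.8.0"'.
VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?[^"]*"')


def parse_java_version(banner):
    """Return (family, update) from `java -version` output, or None."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def is_patched(banner):
    """True/False for Java SE 7 and 8; None when the banner is unparseable
    or the family has no fixed level stated in the article."""
    parsed = parse_java_version(banner)
    if parsed is None or parsed[0] not in FIXED_UPDATE:
        return None
    family, update = parsed
    return update >= FIXED_UPDATE[family]


def audit(inventory):
    """Map host -> 'patched' / 'VULNERABLE' / 'unknown' for a banner inventory."""
    labels = {True: "patched", False: "VULNERABLE", None: "unknown"}
    return {host: labels[is_patched(banner)] for host, banner in inventory.items()}


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {
    "build-01": 'java version "1.7.0_51"\nJava(TM) SE Runtime Environment (build 1.7.0_51-b13)',
    "app-02": 'java version "1.7.0_55"',
    "dev-03": 'java version "1.8.0"',
    "dev-04": 'java version "1.8.0_05"',
    "legacy-05": 'java version "1.6.0_45"',
    "odd-06": "bash: java: command not found",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need manual review, since the article gives no fixed level for their Java family.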
In addition to Java SE, vulnerabilities have been fixed in each affected software product, including:
Among the security updates, 4 of the 37 Java vulnerabilities are very serious: they have been given the maximum rating of 10.0 in the CVSS (Common Vulnerability Scoring System) base score and must be considered very critical.
CVE-IDs of 37 Serious Java Vulnerabilities: