Oracle releases bumper security update for Java

Minecraft pumpkin heads Many popular applications such as block-building game Minecraft use Java

Related Stories

Oracle has released a bumper update package for Java that closes lots of security holes in the software.

The update fixes 51 separate security bugs in Java, which owner Oracle says is used on billions of devices.

About a dozen of the bugs were serious enough to allow attackers to take remote control of a compromised system, researchers said.

Java is one of the most popular targets for cyber-thieves and malware writers seeking to hijack home computers.

In its advisory about the update, Oracle urged customers to patch the software as soon as possible "due to the threat posed by a successful attack".

Programming language Java has proved popular because software written with it can easily be made to run on many different types of computer.

Twelve of the holes in Java addressed by the update topped the table that ranked the severity of security weaknesses in software, wrote Qualys security expert Wolfgang Kandek in a blogpost.

If these bugs were exploited, attackers could bypass ID controls and take over a target system, he added.

He said those seeking to exploit Java would probably seed web pages with booby-trapped links in a bid to catch vulnerable machines.

Security glitches in Java are favourites among those that write and run so-called "exploit kits" that seek to compromise vulnerable websites and other systems.

Security blogger Brian Krebs said if people needed to run Java, it was well worth taking time to apply the update.

Those that did not need the software should consider disabling it altogether, he said.

"This widely installed and powerful program is riddled with security holes, and is a top target of malware writers and miscreants," he wrote.

The update is available via the main Java website and has prompted follow-up action from other electronics firms. Apple has released an update to the version of Java that runs on its computers. This update points people towards the official version of Java from Oracle instead of that supplied by Apple.

In the past, Apple has faced criticism over the speed with which it updated its version of Java.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features & Analysis

BBC Future

(SID)

Road designs that trick our minds

Subconscious signs used for safer driving Read more...

Programmes

  • A motorised skateboadThe Travel Show Watch

    The motorised skateboard which can reach speeds of 17mph (27 km/h) and other travel technology

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.