Oracle's Latest Advisory Mitigates 17 Security Flaws in Java SE

The latest Critical Patch Update by Oracle addresses 17 vulnerabilities in Java SE.

Albuquerque, NM (prHWY.com) June 9, 2011 - Albuquerque, NM, United States - The latest Java critical update by Oracle mitigates 17 security vulnerabilities. Out of them, five are associated with client and server deployments of Java Standard Edition (SE), eleven only pertain to client deployments, and one relates to server deployments of Java SE. Nine of the vulnerabilities score 10 as per Oracle's Common Vulnerability Scoring System (CVSS), while three score 7.6, four others score 5.0 and one scores 2.6. The vulnerabilities allow attackers to execute remote code, without any authentication over a network. Attackers may exploit the vulnerabilities through untrusted Java web start applications, and Java applets. They may also exploit the security flaws by supplying data to Application Programming Interfaces (APIs) without making use of Java start applications, and applets. Users with administrative privileges such as on Windows are more susceptible to the security vulnerabilities. For users not running Java applications with administrative privileges such as on Solaris and Linux, the vulnerability score stands at 7.5 for vulnerabilities rated as 10 as per Oracle's CVSS. The vulnerabilities affect JDK, JRE 6 Update 25 and prior versions, JDK 5.0 update 29 and prior, SDK 1.4.2_31 and prior versions.

While rating vulnerabilities, Oracle takes into account prerequisites for exploitation, ease of exploit, and the impact of attack on integrity, availability and confidentiality. The vendor then converts the information into scores ranging from zero and ten, wherein the latter signifies highest severity.

Oracle's issues cumulative critical patch updates for Java SE in the months of February, June, and October. Java applications are increasingly becoming targets of cybercriminals. Attackers try to take advantage of the time lag between security update and its implementation by the users. Users must immediately install the security updates to avoid exploitation of the security flaws.

Professionals qualified in IT masters degree may enable organizations to identify, prioritize and apply requisite security updates. Prioritization of security updates is crucial to safeguard organizational systems and networks from sophisticated attacks of cybercriminals. Unauthorized access to privileged databases, may adversely impact business interests, and lead to financial and strategic losses.

Software products are susceptible to vulnerabilities due to programming errors, and use in different security environments. Attackers constantly research and evolve their attack techniques to breach security of software products and applications.

Developers must constantly evaluate software products to identify weaknesses and security flaws. Testing products under different environments may allow developers to make proper assessment of security threats. Online technology degree programs may facilitate IT professionals in keeping themselves abreast of latest developments, and devise improved security mechanisms.

Organizations must update employees on latest security threats, preventive measures, security practices, and incident reporting. They must also sensitize employees on the consequences of lax security practices on organization, personnel, customers, and other stakeholders. Employees may abreast themselves of security fundamentals and threats through online computer degree courses, e-learning programs, and online tutorials. Adherence to security updates and alerts by vendors, and IT security firms may help in fostering security conscious culture in organizations, and improve defenses against varied forms of security threats emanating in the Internet environment.

Contact Press
EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

###

Tag Words: api, vulnerabilities, security update, java se, critical patch update, java, oracle, cvss, web start applications, java applets, windows, solaris

Categories: Internet

Link To This Press Release:

URL HTML Code