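Oracle has released its quarterly security patch update, fixing a total of 128 security vulnerabilities. Of these, 42 are Java SE vulnerabilities, 19 of which are high-severity and 39 of which relate to the Java Web Start plugin. Java is mainly used on the server side, and websites that require the client to run Java applets are uncommon. Oracle advises enterprises and organizations to apply the security updates as quickly as possible. Over the past few months, internet companies have repeatedly reported computers being compromised by attackers through Java 0-day vulnerabilities (mainly in the plugin). Security experts worry that, given the rate at which new Java vulnerabilities are being discovered, Java will remain easily attacked software for a long time to come.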
Oracle released its quarterly Critical Patch Update (CPU) for April, which addressed a whopping 128 security issues across multiple product families. As part of its update, Oracle released a Java SE Critical Patch Update to plug 42 security holes in Java, 19 with a CVSS base score of 10 (the highest you can go) and 39 related to the Java Web Start plugin, which can be remotely exploited without authentication. According to security analyst Wade Williamson, organizations need to realize that Java will continue to pose a significant risk. 'The first step is for an organization to understand precisely where and why Java is needed,' Williamson wrote. 'Based on the rate of newly discovered vulnerabilities, security teams should assume that Java is and will continue to be vulnerable.' Organizations should take a long, hard look at Java and answer for themselves if it's worth it, Williamson added. Due to the threat posed by a successful attack, Oracle is strongly recommending that organizations apply the security fixes as soon as possible.