Thursday, October 14, 2010
Suddenly, a huge collection of security updates for Java
Oracle is not wasting any time coming up to speed at releasing updates now that it has recently become the owner of Java. Their recent update for Java 6 fixes a huge number of bugs.
Here is a short article about the recent Java 6 security update by computer security reporter Brian Krebs, formerly with the Washington Post.
Java 7 has not been released yet. It is still under development. So Java 6 is probably the version of Java that most people have.
If you have a Mac, Apple generally rolls these patches out periodically in their own subsequent updates to Mac OS X.
If you have Windows, Microsoft does not since they are not involved with optimizing Java for their platform or contributing improvements back to Sun (now Oracle) like Apple does. However, on the other hand you can get these updates sooner than Mac users do in many though definitely not all cases.
Regardless of which OS you run, you should update your Java when the updates become available. Like any software, make sure you get them from the vendor. Not from random, convenient-looking web sites you find by doing a web search or unofficial torrents. Get patches for the Windows version from oracle.com, and the Mac version gets updated when you run your Software Updates command.
By the way, the Flash update that came out in the middle of 2010 fixed more holes than this Java patch did.
I guess the real number in the back of people's minds after the huge bundles of patches that came out in the first half of October 2010 for Flash, Java, Windows IE, and Windows itself is ... how many more exploitable security flaws are left in each of these?
And of those that are left, how many will be exploited?
Here is a short article about the recent Java 6 security update by computer security reporter Brian Krebs, formerly with the Washington Post.
Java 7 has not been released yet. It is still under development. So Java 6 is probably the version of Java that most people have.
If you have a Mac, Apple generally rolls these patches out periodically in their own subsequent updates to Mac OS X.
If you have Windows, Microsoft does not since they are not involved with optimizing Java for their platform or contributing improvements back to Sun (now Oracle) like Apple does. However, on the other hand you can get these updates sooner than Mac users do in many though definitely not all cases.
Regardless of which OS you run, you should update your Java when the updates become available. Like any software, make sure you get them from the vendor. Not from random, convenient-looking web sites you find by doing a web search or unofficial torrents. Get patches for the Windows version from oracle.com, and the Mac version gets updated when you run your Software Updates command.
By the way, the Flash update that came out in the middle of 2010 fixed more holes than this Java patch did.
I guess the real number in the back of people's minds after the huge bundles of patches that came out in the first half of October 2010 for Flash, Java, Windows IE, and Windows itself is ... how many more exploitable security flaws are left in each of these?
And of those that are left, how many will be exploited?
Labels: java, oracle, security, snafus
