“Oracle’s intent is to continue to accelerate the release of Java fixes, particularly to help address the security worthiness of the Java Runtime Environment (JRE) in desktop browsers,” Eric Maurice, director of software security assurance at Oracle, wrote in a blog yesterday. “As a result, we will be issuing a Critical Patch Update to Java SE on April 16, 2013 at the same time as the normally scheduled Critical Patch Update for all non-Java products.”
All but one of the vulnerabilities fixed on Tuesday apply to client deployments of Java. Four of the five flaws addressed can be exploited through Java Web Start applications on PCs and Java applets in browsers.
Three of those four vulnerabilities are rated 10 on the Common Vulnerability Scoring System scale. That is the highest rating, which means they are critical and could completely compromise the integrity and availability of systems that have Java running with administrator privileges, said Maurice.
The impact will be less on systems such as Linux or Solaris where Java does not have administrator privileges.