Oracle has pushed out a key security update for Java, a software that’s widely used in web applications and websites. This is already the second security update that Oracle has released in under three weeks to plug security holes in Java, holes that could be exploited by attackers to run malicious code on PCs.
The latest Java update comes in the wake of Apple’s decision to block the Java plugin on Mac OS X after it found the security update released in mid-January insufficient to patch vulnerabilities. However, Apple has now allowed the latest version of Java on computers running its OS. Computerworld notes that Apple has released a Java 6 update for users running Mac OS X Lion and Mac OS X Mountain Lion but they will have to manually update to Java 7.
Eric Maurice of Oracle writes in the company’s blog, “The original Critical Patch Update for Java SE was scheduled on February 19th, but Oracle decided to accelerate the release of this Critical Patch Update because active exploitation ‘in the wild’ of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers, was addressed with this Critical Patch Update.”
He continues, “The popularity of the Java Runtime Environment in desktop browsers, and the fact that Java in browsers is OS-independent, makes Java an attractive target for malicious hackers.”
Sources: Computerworld, Oracle Blogs