Oracle Releases Java Patch Update

Oracle on Friday released a critical patch update for Java SE, offering the patch ahead of schedule to stave off an active exploitation affecting the Java Runtime Environment in desktop browsers. Server-side fixes are being offered as well. Initially scheduled for release on February 19, the February 2013 critical patch update contains fixes for 50 vulnerabilities. Java has been under fire lately for security issues, particularly affecting browsers, and Oracle recently vowed to be more communicative about what it is doing to fix these problems.

Forty-four of the 50 vulnerabilities impact Java in Internet browsers. In other words, these vulnerabilities can only be exploited on desktops through Java Web Start applications or Java applets. In addition, one vulnerability affects the installation process of client deployment of Java (i.e. installation of the Java Runtime Environment on desktops). Note also that this Critical Patch Update includes the fixes that were previously released through Security Alert CVE-2013-0422.