Oracle Says Java Update Coming Tuesday
Posted 13 January 2013 - 08:16 AM
this way we can get rid of all sun java products just as I got rid of all apple products and devices and microsoft bloatware - except the os ..
if i can find some alternatives to adobe products i can rid myself of windows also
much faster and more free environment ..
Posted 13 January 2013 - 08:47 AM
And as for apple compiling its own java code, they actually handed over responsibility for java back to Oracle sometime last year if I'm not mistaken...
Posted 13 January 2013 - 08:50 AM
Posted 13 January 2013 - 10:02 AM
Morph into "Oracle says Java update coming TUESDAY" (emph mine)
Even the article you linked to in your story sez "shortly"
The 86 vulnerability patches you mention & link to are NOT all specific to Java JRE 7 u 10 and do NOT mention nor include the SPECIFIC Java Zero-Day vulnerability recently disclosed.
QUOTE: Oracle is preparing to ship 86 patches covering security vulnerabilities in a wide span of its products, with 18 of the fixes aimed at the MySQL database alone...
But another five patches will be shipped for Oracle Database Mobile/Lite Server...
Various components of Oracle Fusion Middleware, including WebLogic Server and Access Manager, will receive seven patches...
Some 13 patches concern Oracle Enterprise Manager Grid Control....
The remaining fixes set to ship Tuesday cover Oracle applications such as E-Business Suite and JD Edwards, as well as the Sun Storage Common Array Manager and Oracle's virtualization technology....
Still no SPECIFIC mention of the Zero-Day. Sloppy, shoddy & misleading reporting IMHO.
Posted 13 January 2013 - 02:32 PM
I acknowledge that there are treats out there, but many writers or bloggers tend to exaggerate many of the things they write about virus, flaw, worms, etc. Usually the main contributors to these story are Anti-Virus companies, like Norton, McAffe, Kaspersky and others.
As for the mention of Apple removing Java from the software, is incorrect. Only the newest version of OS-X Mountain Lion comes without Java. All previous version came with it. Also this gives people a false sense of security because once someone go to a web site that needs Java, most people will click and install Java on their brand new OS -X. Back to square one.
What these Anti-virus should do is provide or block these questionable web sites. I do understand that as soon one is mark, another will pop up, but it will keep these hackers working overtime until they get tired of it or is not profitable and dangerous for them. Most of these web sites use the same server which can be trace.
Posted 13 January 2013 - 08:47 PM
Oracle Security Alert for CVE-2013-0422
This Security Alert addresses security issues CVE-2013-0422 (US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability) and another vulnerability affecting Java running in web browsers. These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications. They also do not affect Oracle server-based software.
The fixes in this Alert include a change to the default Java Security Level setting from "Medium" to "High". With the "High" setting, the user is always prompted before any unsigned Java applet or Java Web Start application is run.
Is it Tuesday already? ;-)'
Posted 14 January 2013 - 05:17 AM
The 86 patches comprise their regularly scheduled quarterly patch cycle for ALL their products... their last (Oct '12 IIRC) contained 109. Adobe follows the same pattern, quarterly patch cycles with "out-of band" (cycle) patches for serious vulnerabilities such as the one they put out last week for Adobe Reader & Acrobat 11. Mico$oft does monthly patch cycles the 2nd Tues of each month, the last being last Tues... M$ is issuing an "out-of band" patch today for Internet Ex-PLODE-r 6,7 & 8...
This is normal & par for the course as unfortunately there's a lot of miscreants out there developing new vulnerabilities/exploits...There's a LOT of $$$$ in it for them.
Posted 14 January 2013 - 05:24 AM