Java 7 Update 21 to fix bugs, change applet warning messages
The new update will fix 42 security issues, 39 of which are remotely exploitable
IDG News Service - Oracle will release a new version of Java on Tuesday that will include 42 security fixes and will make changes to how Web-based Java content will be presented inside browsers.
Thirty-nine of the vulnerabilities patched by the new Java 7 Update 21 (7u21) can be exploited remotely without authentication, Oracle said in a pre-release announcement. Some of them have the maximum score on the CVSS 2.0 scale used by Oracle to rate the severity of vulnerabilities.
In addition to security fixes, the new update will also make changes to how Java applets -- Web-based Java applications -- are handled and presented in Web browsers that have the Java plug-in enabled.
"The Java 7u21 release introduces changes to security messages related to running Java applets and applications," Oracle said in a technical document that explains the changes. "All Java applications executed via the user's browser will prompt the user for confirmation. The type of messages presented depends upon different risk factors such as running applications that include invalid digital certificates, and using out of date versions of Java."
The changes follow a large number of attacks this year that have used Web-based Java exploits to infect computers with malware. The company hopes that the changes will encourage developers to sign their legitimate Java applets with digital certificates issued by publicly trusted certificate authorities (CAs).
In cases where the risk of an attack is lower, like when the applet is digitally signed with a CA-issued certificate, the messages displayed to users will be minimal and there will be an option to automatically trust applications from the same vendors in the future.
However, when dealing with unsigned applets, the warning messages will contain more information that will reflect the higher security risk. Additional interaction will also be required from users who want to run such applets, Oracle said.
The company has published an overview of all use cases of signed and unsigned applets with examples of how the warning dialogs will look in each case.
This new release is the result of Oracle's plan to accelerate its patching cycle for Java and will coincide with the release of security updates for other Oracle applications and middleware products that used to be updated separately.