Oracle releases Java SE’s February 2013 Critical Patch Update
Oracle has rolled out its February 2013 Critical Patch Update for Java SE, which addresses dozens of security vulnerabilities. The patch was originally slated for release on February 19, but because of an active exploitation problem that was targeting Java in browsers, the company elected to roll it out early.
The patch update fixes 50 security issues, 44 of which concerned Java in browsers and applets. One of the other fixes concerns the installation of Java Runtime Environment; beyond that, the company says there are additional “in-depth fixes.” Three of the fixes involve both server and client Java deployment, while two of the fixes are for the deployment of JSSE (Java Secure Socket Extension).
Java is notorious for the security risks it poses, which Oracle says is due to its popularity, which makes it a target. Twitter recommended that users disable Java earlier today when it announced that it had been attacked, and Mozilla recently announced that it will be disabling all plugins – including Java – by default to help keep users safe.
The February 2013 Critical Patch Update includes fixes already available through Security Alert CVE-2013-0422. Users can download the update from the Oracle website, or by clicking here. According to Oracle, this update primarily only concerns Java FX and Java client deployments, which is the case with most updates it releases.