Oracle readies 40 security fixes to plug holes in Java SE

Oracle is set to release a patch set for Java SE that targets 40 security vulnerabilities.

Thirty-seven of the weaknesses can be exploited over a network without requiring an attacker to have a username or password, Oracle said.

Affected products covered in the patch batch, which is set for release Tuesday, include Java SE as well as a number of version of JDK (Java Development Kit), JRE (Java Runtime Environment) and the JavaFX rich-client development platform, according to Oracle's announcement.

Oracle is recommending that customers apply the patches as soon as possible "due to the threat posed by a successful attack."

The Java SE patch set comes after Oracle released some 128 fixes for its database, middleware, and applications in April.

Oracle came under fire in recent months over Java security after a spate of high-profile vulnerabilities.

The company subsequently pledged it would work to shore up Java's security measures, as well as do more outreach with community members.

Oracle revealed some specifics of its planned security improvements last month.

Subscribe to the Security Watch Newsletter

Comments