July 2016 Quarterly Update from Oracle (276 vulnerabilities patched)
Oracle Patches 276 Vulnerabilities with July 2016 Update, including 13 for JavaSE
Oracle’s official update cycle is quarterly (unofficially, it’s been as frequently as daily at times, before Adobe Flash stepped up to the plate as the target du jour for attackers) and the updates for July have just been published. For most of our customers, the primary impact is JavaSE (which we’ll discuss in more detail below) but updates were also released for most everything in the Oracle fleet. There’s a good write-up on ThreatPost here.
Java – The latest version of Java is 8 update 101 and patches 13 vulnerabilities, 9 of which are remotely exploitable without authentication. If you have JavaSE installed and it is not the latest version (or if you have multiple versions installed), you are encouraged to remove all older versions and ensure that you are using only the latest version of JavaSE.
Java is a tool that’s widely used by banks, online service providers and even security companies for SSL VPN connections. Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ in recent months. It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s not a bad idea to remove it altogether.
Additional details are available from Oracle here.
These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are availalbe in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.