Java Update Plugs Multiple Security Holes
Sun Microsystems is pushing out an important security update to various versions of its Java Runtime Environment (JRE) software, along with a couple of changes designed to make patching the program more predictable and manageable for companies running custom versions of the software.
The update, which applies to Java families 1.3.1, 1.4.2, 5.0 and 6.0, plugs nearly a dozen security holes, including some that Sun warns could be deployed on malicious Web sites to remotely compromise or steal data from unpatched systems. Don't put off installing this update, as Java represents a huge target for cyber crooks: Sun estimates that the program is installed on more than 600 million computers worldwide.
Not sure whether you've got Java or which version your system has? Visit Sun's Java home page and click on the "Do I have java?" link. That should tell you whether you need to update.
Beginning with this update release, Sun is changing a couple of things. First, it's giving advance notice of upcoming patch bundles to give businesses more time to prepare for them. It's also no longer going to release fixes for different versions of Java at different time; from now on, updates to the consumer-oriented versions such as Java 6 will go out at the same time as older version more frequently used by businesses.
"We've heard over a period of time that in effect we catch people by surprise at some level with these announcements," Bill Curci, product marketing manager for Java, told me in a phone interview last week.
Curci said the company is still working on some of the improvements I've discussed in past posts on Java updates, including an installer that automatically removes previously installed versions of the software, which take up hundreds of megabytes of disk space apiece and end up confusing users.
Posted by: Samy | October 8, 2007 9:31 PM | Report abuse
Posted by: Paul | October 9, 2007 9:01 AM | Report abuse
Posted by: Bk | October 9, 2007 9:13 AM | Report abuse
Posted by: FtB | October 9, 2007 11:40 AM | Report abuse
Posted by: Michael Horowitz | October 9, 2007 8:41 PM | Report abuse
Posted by: Fred Dunn | October 11, 2007 7:48 AM | Report abuse
Posted by: Steve Ballmer | October 11, 2007 4:42 PM | Report abuse
Posted by: Mike Maxwell | October 21, 2007 12:10 AM | Report abuse
The comments to this entry are closed.