John K Waters writes:
Oracle’s latest quarterly Critical Patch Update (CPU) comprises 193 fixes for vulnerabilities in Oracle products, including 25 that address Java SE issues.
John Matthew Holt, CTO of Dublin-based Java security vendor Waratek, pointed out in an e-mail that, of the 25 CVEs fixed in this patch, 24 of them (96 percent) affect Java SE 8, the latest and most up-to-date Java version — revealing, he said, that the security of Java’s APIs has not significantly improved over time. He also noted that Java SE 7 is no longer being provided with public security updates. “So enterprises running Java SE 7 applications — which is virtually every large enterprise today — cannot automatically download and apply these important security fixes,” he said.