The Critical Patch Update released by Oracle on Tuesday includes 98 security fixes for a wide range of product families.
“For Java 7-based applications, this is the last security update that will be publicly available – the proverbial “end of the road” for Java 7 application security,” John Matthew Holt, CTO with Waratek, said in a statement emailed to SCMagazine.com. “After today, the only version of the Java Platform which will receive public security updates is Java 8.”
Of the 17 vulnerabilities addressed in Oracle Fusion Middleware, 12 are remotely exploitable without authentication and one of the flaws has a CVSS Base Score of 10.0, the advisory indicates. In Oracle Sun Systems Product Suite, eight vulnerabilities were addressed, with four being remotely exploitable without authentication and one having a CVSS Base Score of 10.0.