The October 2014 Oracle CPU delivered fixes for 154 unique bugs, with Java vulnerabilities making up the bulk of the most pressing updates

By News | October 17, 2014 | September 5th, 2017

In its final Critical Patch Update of 2014, Oracle Corp. provided fixes for 154 total vulnerabilities across 14 of the software giant’s product lines; as usual, the most pressing updates involved the company’s long-maligned Java Runtime Environment.

“A single Java vulnerability, CVE-2014-6513, was given the highest CVSS rating of 10.0, making it the most severe bug patched in this release.”

John Matthew Holt, CTO at Java security vendor Waratek Ltd., based in Dublin, Ireland, said the vulnerability could be exploited by an attacker tricking a user into loading a specially crafted image, corrupting the Java VM’s memory in the process.

“[CVE-2014-6513] can be used to execute arbitrary injected code with the Java VM’s privileges,” said Holt. “In other words, this vulnerability can be used to achieve a complete compromise of the JVM, with full access to data and the execution state of the JVM.”
