Critical Java updates fix 19 vulnerabilities, disable SSL 3.0

Oracle released new security updates for Java to fix 19 vulnerabilities and disable default support for SSL 3.0, an outdated version of the secure communications protocol that is vulnerable to attacks.

The updates were part of Oracle’s quarterly Critical Patch Update, released Tuesday, which fixes 169 security issues across hundreds of products.

Fourteen of the 19 vulnerabilities fixed in Java affect client deployments and can be exploited from Web pages through malicious Java applets or Java Web Start applications. Four of them have the maximum severity score 10 in the Common Vulnerability Scoring System (CVSS) and two others come close, at 9.3, meaning they can lead to a full system compromise.

To read this article in full or to leave a comment, please click here