With latest patches, Oracle signals no more free updates for Java 7

Oracle released patches for 98 security issues across a wide range of products, including 14 in Java. This marks the last free patch for Java 7, and users are being encouraged to upgrade to version 8.

Three of the Java vulnerabilities patched Tuesday have the maximum severity score of 10 in the Common Vulnerability Scoring System (CVSS), which means that they can be exploited over the network without authentication and can lead to a full compromise of the system’s confidentiality and integrity.

Twelve of the flaws affect the Java client, meaning they can potentially be exploited from the Web through the Java browser plug-in. One of them also affects Java server deployments and the remaining two affect the client and server deployments of the Java Secure Socket Extension (JSSE).

To read this article in full or to leave a comment, please click here