Oracle today released the April 2015 Critical Patch Update. The update includes patches for 98 security issues across different products, 14 of which address Java. This will be the last publicly available update for Oracle JDK 7, which signals that Oracle wants its users to upgrade to JDK 8.
Oracle Java 7 critical update
Three of the patched Java vulnerabilities carried the maximum severity score of 10 in the Common Vulnerability Scoring System (CVSS): they were open to exploitation over the network without authentication, resulting in the compromise of the system’s confidentiality and integrity.
Oracle also released Java 8 update 45 (Java 8u45), Java 7u79, Java 6u95 and Java 5u85, which fix the vulnerabilities affecting the Java client that could potentially be exploited from the Web via the Java browser plug-in. Some notable flaws affecting Java server deployments, as well as client and server deployments of the Java Secure Socket Extension (JSSE), were also addressed in this update.
The 98 fixes in the April 2015 Critical Patch Update also include fixes for security flaws in Oracle Java SE, Oracle Sun Systems Products Suite, Oracle MySQL, Oracle Enterprise Manager, Oracle E-Business Suite, Oracle Database, Oracle Fusion Middleware, Oracle Hyperion, Oracle Supply Chain Suite, Oracle PeopleSoft Enterprise, Oracle JD Edwards EnterpriseOne, Oracle Siebel CRM, Oracle Industry Applications and Oracle Support Tools.
With this update, Java 7 has reached end of life for public updates; henceforth, security patches for Java 7 will be available only to customers with special (paid) support contracts. Oracle has been prompting its users to upgrade to Java 8 since January.
The growing number of vulnerabilities in Java has had a serious impact on the day-to-day use of necessary applications. To avoid the risk of possible system compromise, security gurus have advised users to disable or completely uninstall Java from their computers.
John Matthew Holt, chief technology officer at application security firm Waratek, said:
This is huge news, this causes enormous headaches and disruption to millions of application owners around the world. Oracle’s rapid end of life schedule for Java versions is great for innovation and language evolution. However, there is a dangerous tradeoff: now millions of Java 7 applications will have to defend themselves against code level vulnerabilities without the benefit of future fixes.
More information on this critical update can be found on the Oracle blog.