NEWS - October 17, 2012
by Carol~ - 10/17/12 9:20 AM
Critical Java Patch Plugs 30 Security Holes
Oracle on Tuesday pushed out a bevy of security patches for its products, including an update to Java that remedies at least 30 vulnerabilities in the widely-used program.
The latest versions, Java 7 Update 9 and Java 6 Update 37, are available either through the updater built into Java (accessible from the Windows control panel), or by visiting Java.com. If you're not sure which version you have or whether you've got the program installed at all, click the "Do I have Java" link below the red download button on the Java homepage.
maintains supplies its own version of Java. Given the rapidity with which they have followed Oracle's Java updates (ever since April 2012, when the Flashback worm used an unpatched Java flaw to infect more than 650,000 Macs), I would expect Apple to have an update ready soon.
Broken record alert: If you need Java, update it now. Cyber thieves and malware love to use unpatched Java holes to break into systems, and miscreants are always looking for new Java exploits to use. If you don't need Java, uninstall it; you can always reinstall it later.
If you need it for a specific Web site, I'd suggest unplugging it from the browser and adopting a two-browser approach. For example, if you normally browse the Web with Firefox, for example, consider disabling the Java plugin in Firefox, and then using an alternative browser (Chrome, IE9, Safari, etc.) with Java enabled to browse only the site that requires it.
Continued : http://krebsonsecurity.com/2012/10/critical-java-patch-plugs-30-security-holes/
Stormy October patch day for Oracle
Oracle patches 109 vulnerabilities