This week marked the quarterly Java Critical Patch Update from Oracle, bringing us 113 patches across 13 product families, including Java JRE, one of the most exploited middleware applications around.For Java JRE, the updates to Java 7 and 8 patches 20 vulnerabilities, each one of the sort Oracle calls "remote exploit without authentication", meaning that an outsider who hasn't logged in could, in theory, trigger each of the 20 vulnerabilities. The new versions bring the latest Java JRE version numbers to 7 update 65 and 8 update 11.Java 7 update 65 will be rolled out to Cloud Device Software Update customers within 24 hours.Java 8 is still in a pre-general release state and is therefore not automatically updated by Cloud Device, but will be added in the coming month. So far, we have only detected 4 Java 8 installations across all of the several thousand Cloud Device protected computers.The next scheduled Java Critical Patch Update will be in the 14th of October 2014.Wishing you a great summer, free of Java worries.
