On Tuesday Feb. 19 Oracle released a new set of patches for Java in response to a slew of security attacks.
The update will include five separate fixes under the names Java 7 update 15 and Java 6 update 41. Oracle releases a critical patch every quarter and this critical update will be included in Tuesday's release. The new set of patches stand to augment Oracle's Feb. 1 emergency Java update. Although that update was effective in correcting 50 separate bugs, Oracle did not have enough time to fix the remaining problems. The company also released a Java update in January, in response to attacks from at least four crimeware toolkits. For those who did not install Oracle's previous Java patches, the new release will suffice.
"Critical patch updates for Java SE are cumulative," said Director of Oracle Software Security Assurance Eric Maurice. "As a result, organizations that may not have applied the Feb. 1 release will be able to apply the updated Critical Patch Update when it is published, and will then gain the benefit of all previously released Java SE fixes. As usual, desktop users will be able to install this new version from java.com or through the Java auto-update."
Oracle has stated that the release of Java 6 update 41 is the company's final public version of Java 6, although updates may still be available for those who have a Java 6-related contract with Oracle. As Henrik Stahl, senior director of project management at Oracle's Java Platform Group, said, "Previously available versions of JDK 6 will remain available to the public through the Java Archive for debugging and testing purposes but Oracle no longer recommends using those in production."
In two months' time, Oracle plans to release new Java 7 security updates. Oracle's bulletin states, "Note also that Oracle has scheduled a Java SE Critical Patch Update for April 16, 2013, in addition to those previously scheduled in June and October of 2013 and in January of 2014. This additional distribution will be used to further accelerate Java security fixes to Java users."
As for Tuesday's release, "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU [critical patch update] fixes as soon as possible," the company states.