Oracle releases 127 security fixes, 51 for Java alone
The October 2013 CPU covers fixes for: Oracle Database Server, Oracle Enterprise Manager Grid Control, Oracle Supply Chain Products Suite, Oracle Siebel CRM, Oracle Industry Applications, Oracle Primavera Products Suite, Oracle and Sun Systems Products Suite, Oracle MySQL, Oracle Fusion Middleware, Oracle E-Business Suite, Oracle PeopleSoft Products, Oracle iLearning, Oracle Financial Services Software, Oracle Java SE and Oracle Virtualization. All of these updates are important, but arguably Java is the most important of all of them.
51 security vulnerabilities are addressed in Java this quarter, and 50 of them affect Java Applets or Java WebStart, the plugin that runs Java in your web browser. Worse yet, all but one are remotely exploitable without authentication. Some versions of Java update themselves, some rely on the operating system vendor and others are too old to support an auto-update mechanism. This does not make things easy.
Our advice?
1) Determine whether you have Java installed and enabled in your web browser. Visit java.com/en/download/installed.jsp and click “Verify Java version“. If your browser prompts you to install Java, close the tab; you’re Java-free. If it loads the applet, check your version. Be sure you are running Java 7 update 45 (1.7.0_45), Java 6 update 65 (1.6.0_65) or Java 1.5.0_55.
If you must have Java installed you ought to be running Java 7 (1.7). All previous versions are not officially supported and present a greater security risk.
2) If Java is installed and out of date, be sure to update it. Windows users can open the Java Control Panel, select the Update tab and choose Update now. Mac users can check for updates using the integrated Apple updater. Linux users should follow normal procedures for system updates provided by their distribution.
3) Most importantly, if you don’t need Java, get rid of it. Java can be useful for applications (Minecraft, payroll, mortgage calculators) and server-side applications (JBoss and more), but it doesn’t belong in your browser. If you’re not sure, I recommend disabling it. If you run across things that require Java, your browser will alert you with instructions.
You can read the original article, here.