Oracle Patches Java for Pwn2Own Flaws
Page 1 of 1
Oracle has released its April Critical Patch Update (CPU) for Java, fixing no less than 41 vulnerabilities.
Of those 41 vulnerabilities, 18 of them carry the highest possible CVSS Base Score of 10.0, meaning they are highly critical issues that need to be patched rapidly. Included among the April CPU patches are four vulnerabilities that were publicly demonstrated at the Pwn2Own hacking challenge in March. The Pw2Own vulnerabilities were privately reported to Oracle via contest organizer HP TippingPoint ZDI (Zero Day Initiative). HP paid security researchers $20,000 for each of the Java exploits as part of Pwn2Own.
Hasan Rizvi, executive vice president Java and Oracle Fusion Middleware, told eSecurity Planet that one of the issues reported at the ZDI event was already known by Oracle. "It had been found internally and had already been scheduled for inclusion in the April 2013 Critical Patch Update," he said.