Oracle, Java’s new corporate parent, emphasized its commitment to the popular programming language during the lengthy approval process that finally led to the acquisition of Java’s creator, Sun Microsystems.
Part of that commitment is updating and securing the software for the huge community of developers and users. As eSecurity Planet reports, Oracle has been quick to address recent reports of security flaws Java that could prove particularly troublesome for systems running Windows.
Oracle is out this week with Java 6 Update 20, fixing two critical vulnerabilities that could have left users
’
systems at risk of being exploited by attackers. The flaws affect Java users on Windows, Linux and Solaris platforms.
Users on Microsoft Windows, however, may be more at risk; for them, Oracle has rated the flaw a 10 on the Common Vulnerability Scoring System (CVSS) system. In contrast, the CVSS score is rated as only a 7.5 on Linux and Solaris. The difference in potential severity stems from the fact that many Windows users run their system with full administrative privileges, which is less common on Linux and Solaris, Oracle said.
Eric Maurice, manager for security in Oracle’s global technology business unit, wrote in a blog post that the vulnerabilities, which occur specifically in the Java Deployment Toolkit and the Java Plug-in found in recent releases of Java, do not affect Java when running on a server or a standalone desktop application. Rather, the flaws only affect Java when running on a 32-bit Web browser.