Oracle has released two major security updates addressing a number of vulnerabilities in Java for Mac OS and its Windows browser plugin.
The firm released the patches on Tuesday. The main browser update addresses 42 vulnerabilities while the second Apple patch fixes 21 security flaws.
"Oracle today released two Critical Patch Updates: the April 2013 Critical Patch Update and the April 2013 Critical Patch Update for Java SE. The previous blog entry provided a summary of the April 2013 Critical Patch Update, and this entry will discuss the content of the Critical Patch Update for Java SE," wrote Oracle's Eric Maurice.
Trend Micro security spokesman Rik Ferguson told V3 that the patches are important as they address several flaws that could be used by cyber criminals to mount attacks on businesses using Java.
"The vast majority of them are to do with remote exploitation without authentication, which in layman's terms means that if you land on a compromised or malicious website, then the attacker can run code on your machine (infect you)," said Ferguson.
"There is an associate patch from Apple (they maintain their own Java for Mac OS) which addresses 21 of the vulnerabilities listed in the Oracle release and a separate security update for Safari which allows the user to only enable Java on a per site basis."
Java has become an increasingly popular target for cyber criminals. Since the start of 2013, numerous Java-based exploits have been uncovered by security researchers.
Past vulnerabilities have forced Oracle and Apple to release out-of-cycle security patches.
This spate of exploits led security firm F-Secure to list Java as cyber criminals' current victim of choice in its 2012 H2 Threat Report in February.
Ferguson said that while the patch is a positive, Oracle still has a lot of work to do securing the platform.
"I certainly don't expect this to be the last patch or update for Java, in fact I'd be disappointed if it were," said Ferguson.
"There are doubtless plenty of vulnerabilities and their associated exploits waiting to be uncovered. Such a widespread and unfortunately vulnerable platform is extremely attractive to criminals for the large target and cross-platform nature it represents."
Kaspersky senior security researcher David Emm echoed Ferguson's sentiment, saying one fix will not diminish hackers' interest in the platform.
"It's good to see that Oracle has issued updates to vulnerabilities that could harm those computers using Java. However, security - like housework - is an ongoing process, so there's no 'once-and-for-all' security fix," said Emm.
"Of the applications containing vulnerabilities that were targeted by web exploits in 2012, 50 percent of them targeted Java. It's unlikely that hackers will stop looking for vulnerabilities. That's why it's important that Oracle adopts a more frequent update schedule."