Enterprises relying on Java should pay attention to the amount of patches regularly released for the program. While this does show Oracle responding to pressing software issues, it also represents the continuing security concerns that seem to accompany Java.
A recently released Critical Patch Update contains hundreds of patches, including some that address 13 Java-related problems. PC World reported on the patch collection on July 20, saying that it was the largest Oracle has issued yet, since it focuses on 276 individual flaws. Among the list are 22 security concerns affecting MySQL and nine with Oracle Database Server.
The company's July Security Advisory notice lists all of the affected products and versions. For Java users, this includes several different iterations of Java SE, including versions 6u115, 7u101, and 8u92, as well as Java SE Embedded version 8u91. Oracle has encouraged users to put these patches into affect immediately to reduce risk.
"Oracle's July Security Advisory lists all of the affected products and versions."
In addition to the general security concerns, more than half of the security flaws (159) out of the full list of compromised programs could be remotely accessed by hackers. This would theoretically allow attackers to access a system without providing any credentials.
With so many companies downloading Java components annually, the impact of such vulnerabilities can be strong, even for those using the patches.
While Oracle urges users to update their software, another method is to move beyond the need for Java itself. As companies investigate IT modernization, they'll likely find that Java-based emulation holds them back. Along with security issues, the previous software requires users to download and re-install in a cumbersome way.
Inventu's Flynet Viewer offers a different approach that uses JavaScript for a more effortless, cross-platform solution.