Oracle is set to release a patch set for Java SE that targets 40 security vulnerabilities.
Thirty-seven of the weaknesses can be exploited over a network without requiring an attacker to have a username or password, Oracle said.
Affected products covered in the patch batch, which is set for release Tuesday, include Java SE as well as a number of version of JDK (Java Development Kit), JRE (Java Runtime Environment) and the JavaFX rich-client development platform, according to Oracle's announcement.
Oracle is recommending that customers apply the patches as soon as possible "due to the threat posed by a successful attack."
The Java SE patch set comes after Oracle released some 128 fixes for its database, middleware and applications in April.
Oracle came under fire in recent months over Java security after a spate of high-profile vulnerabilities.
The company subsequently pledged it would work to shore up Java's security measures, as well as do more outreach with community members.
Oracle revealed some specifics of its planned security improvements last month.
Oracle is filling out its product stack for communications with the acquisition of Tekelec, which provides network signaling, policy control and subscriber data management software for mobile data ...
Security software startup Bromium is shipping its first product, a virtualization client that runs any untrusted content inside its very own virtual machine -- a microVM -- protecting the underlying operating ...
Security firms are being none too gentle with Oracle's Java following the revelation this week that attackers are using two unpatched Java vulnerabilities to compromise selected targets. The most common ...
The U.S. Department of Homeland Security (DHS) has issued an alert warning of vulnerabilities in a software technology called the Niagara AX Framework, used to manage millions of ...
Network and security vendors such as Cisco, Juniper, and Enterasys are lining up at Interop this week with products aimed at easing security admins' BYOD-spawned migraines. Also in the ...
Oracle buying Tekelec for network signaling software
Security startup isolates untrusted content in virtual machines
Security pros advise users to ditch Java
DHS warns of vulnerabilities in widely used Niagara
Avaya revs Identity Engines for more secure BYOD