Java vulnerability patches are rolling out as part of its quarterly security release.
Nearly half the patches in the Critical Patch Update (CPU) released Tuesday, 51 out of 127, will rectify issues in the Java browser plug-in.
Furthermore, 12 out of the 51 Java bugs received the most severe threat rating, or CVSS score, of 10 in the update.
Most Java bugs affected Java Applets and Java WebStart.
“51 security vulnerabilities are addressed in Java this quarter, and 50 of them affect Java Applets or Java WebStart, the plug-in that runs Java in your web browser,” Sophos senior security advisor Chester Wisniewski
“Worse yet, all but one are remotely exploitable without authentication. Some versions of Java update themselves, some rely on the operating system vendor and others are too old to support an auto-update mechanism. This does not make things easy.”
Wisniewski recommended that users check to verify that the latest Java update, 7u45, was installed in their browser by visiting a page on Java.com. Lastly, he urged users to disable the notoriously buggy software, if the application isn't necessary.
Along with the release of Java 7u45, the CPU also included patches for other Oracle products including its Database Server, Enterprise Manager Grid Control, Fusion Middleware, Financial Services software, and MySQL and PeopleSoft products, among others.
In June, Nandini Ramani, the lead for Java's software development team, announced that Java's updates would be released four times a year coinciding with Oracle's CPU, instead of as a standalone release occurring only three times annually. The October Critical Patch Update marks the start of the change.