Sun Microsystems, the company behind Java Runtime Environment (JRE), has released an update that fixes many security flaws, indluding some that could allow hackers to compromise or steal data from unpatched systems.
Java has long been known to be a means for e-criminals' to further their cause, since an estimated 600 million users worldwide use JRE. The update applies to Java 1.3.1, 1.4.2, 5.0 and 6.0.
Starting with this update bundle, Java is no longer going to release fixes and patches to different versions at different times – they will all be released at once. Also, Sun will announce upcoming updates, so businesses and home users alike can be informed of them at the time of their release, thus enabling them to patch Java more rapidly.
“We've heard over a period of time that in effect we catch people by surprise at some level with these announcements,” the product marketing manager for Java said in an interview last week.
Sun has reported that they are still working on some problems, such as the fact that java updates fail to remove older versions. The issue with that is the fact that if hackers should choose to use an older version of Java, your browser would automatically do the same, assuming the older versions are present on the system. This would lead to users becoming exposed to whatever vulnerabilities the older version(s) may have.
If you are not sure which version of Java you have, just press on “Do I have Java?” in their homepage.