Cisco Blogs

Latest Oracle Java Patches and Security Best Practices

- April 23, 2013

Java exploits account for 87% of total web exploits – Cisco 2013 Annual Security Report

This month’s release of the Oracle Java SE Critical Patch Update includes patches for 42 vulnerabilities. Vulnerabilities in the Oracle Java SE Java Runtime Environment (JRE) component have received widespread attention lately because of the potential for an attacker to bypass security restrictions, access sensitive information, execute arbitrary code, or cause a denial of service condition. To make matters worse, Java vulnerabilities are often harnessed by exploit packs with tremendous success.

Many in the industry, as well as Cisco analysts, advise against having Java installed unless absolutely necessary. And if you must have Java installed, they advise using only the Java plug-in and Java Web Start provided with the latest JDK or JRE 7 release. But is there more to it than that? 

In addition to the many Cisco alerts and Event Responses published on the topic of Java security, we recently released the Java Security Best Practices Guide, available on the Cisco Security Intelligence Operations (SIO) Portal. This guide discusses how Java operates in web browsers and the risk it presents, along with best practices and mitigation techniques for securing your network. This guide steps beyond the well-worn “keep Java up to date” to include more advanced guidance, such as using multiple browsers and even virtual machines.

As always, for all things security, visit our SIO Portal—the primary outlet for Cisco security intelligence and all security-related content. Just go to
