Yesterday Oracle released its first quarterly update of 2013, which contains a total of 128 fixes for various bugs across multiple Oracle products.
A grand total of 42 of these patches address security flaws in Java. Shockingly, of the 42 patches directly addressing Java vulnerabilities, 39 fix flaws that could be exploited remotely without the need for user credentials. A number of the fixed vulnerabilities were rated 10 by Oracle, the highest and most threatening rank in the CVSS (Common Vulnerability Scoring System).
The latest update of Java (7u21) not only addresses a number of vulnerabilities but also changes the way notifications are displayed. This is a big move by Oracle to improve the reputation of Java's security, which is generally low. The Java website is currently promoting and encouraging developers to authorise their sites and apps using trusted certificate authorities to confirm legitimacy to users, another push to help build that reputation.
Read the full update description here.