The patch fixes 42 vulnerabilities within Java, including "the vast majority" of those that have been rated as the most critical. Oracle Executive Vice President Hasan Rizvi said that a series of big security flaws in the Java plug-in for browsers have been uncovered in the past year by researchers and hackers, and some have been used by criminal groups. One hacking campaign infected computers using Microsoft Windows and Apple software inside hundreds of companies.
Earlier this year the US Department of Homeland Security recommended that computer users disable Java in the browser. But many large companies use internal software that relies on Java and have been pressing Oracle to make the language safer.
Perhaps the most significant change will be that, in the default setting, sites will not be able to force Java applets to run in the browser unless they have been digitally signed.
Not all known problems are being fixed with the current patch, but there are no unpatched problems that are being actively exploited, Rizvi said.