Critical cryptographic Java security blunder patched – update now!
We're focusing on just one of those Java bugs, officially known as CVE-2022-21449, but jokingly dubbed the Psychic Signatures in Java bug by researcher Neil Madden, who uncovered it and disclosed it responsibly to Oracle in November 2021.
According to Madden, these vital preliminary checks were accidentally omitted back in the era of Java 15, when the C++ cryptographic code in the official Java runtime was rewritten in Java itself.
The most recent Java versions are Java 17 and Java 18, which get updated to 17.0.3 and 18.0.1 respectively.
Older but still-supported versions that have also been patched are Java 7, Java 8 and Java 11, which get updated to version 7u341, version 8u331 and 11.0.15 respectively.
You can check for available Java versions on your computer by searching for program files called java.
You can check what version each Java executable represents by running the command java -version.
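The version check described above can be scripted. This is an added example, not code from the article or from Oracle: it reads the version string that java -version prints and compares it with the update levels listed above. The function names are made up for this example, and any major version the article does not mention is reported as unlisted.

```shell
#!/bin/sh
# Added example: grade a Java version string against the update levels the
# article lists (7u341, 8u331, 11.0.15, 17.0.3, 18.0.1).

# extract_version TEXT: pull the quoted version out of `java -version` output.
extract_version() {
    printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1
}

# digits FIELD: keep the leading digits ("331-b09" -> 331), drop leading
# zeros ("09" -> 9), and default to 0 when nothing is left.
digits() {
    d=${1%%[!0-9]*}
    d=${d#"${d%%[!0]*}"}
    printf '%s' "${d:-0}"
}

# classify_version VERSION: print patched, outdated or unlisted.
classify_version() {
    v=$1
    case $v in
        1.*)  # legacy scheme 1.<major>.0_<update>, e.g. 1.8.0_321
            major=$(digits "$(printf '%s' "$v" | cut -d. -f2)")
            minor=0
            case $v in *_*) level=$(digits "${v#*_}") ;; *) level=0 ;; esac ;;
        *)    # modern scheme <major>.<minor>.<patch>, e.g. 17.0.2
            major=$(digits "$(printf '%s' "$v" | cut -d. -f1)")
            minor=$(digits "$(printf '%s' "$v" | cut -s -d. -f2)")
            level=$(digits "$(printf '%s' "$v" | cut -s -d. -f3)") ;;
    esac
    case $major in
        7) need=341 ;; 8) need=331 ;; 11) need=15 ;; 17) need=3 ;; 18) need=1 ;;
        *) echo unlisted; return 0 ;;  # the article names no fixed release
    esac
    if [ "$minor" -gt 0 ] || [ "$level" -ge "$need" ]; then
        echo patched
    else
        echo outdated
    fi
}

# check_java PATH: run one executable; `java -version` writes to stderr.
check_java() {
    ver=$(extract_version "$("$1" -version 2>&1)")
    printf '%s\t%s\t%s\n' "$1" "${ver:-unknown}" "$(classify_version "${ver:-0}")"
}
```

Call check_java once for each java executable found on the machine, for example check_java /usr/bin/java (an assumed path).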
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-19 | CVE-2022-21449 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). | 7.5 |