Security News > 2022 > April > Critical cryptographic Java security blunder patched – update now!

Critical cryptographic Java security blunder patched – update now!
2022-04-20 18:43

We're focusing on just one of those Java bugs, officially known as CVE-2022-21449, but jokingly dubbed the Psychic Signatures in Java bug by researcher Neil Madden, who uncovered it and disclosed it responsibly to Oracle in November 2021.

According to Madden, these vital preliminary checks were accidentally omitted back in the era of Java 15, when the C++ cryptographic code in the official Java runtime was rewritten in Java itself.

The most recent Java versions are Java 17 and Java 18, which get updated to 17.0.3 and 18.0.1 respectively.

Older but still-supported versions that have also been patched are Java 7, Java 8 and Java 11, which get updated to version 7u341, version 8u331 and 11.0.15 respectively.

You can check for available Java versions on your computer by searching for program files called java.

You can check what version each Java executable represents by running the command java -version.


News URL

https://nakedsecurity.sophos.com/2022/04/20/critical-cryptographic-java-security-blunder-patched-update-now/