Oracle bungled the security updates of its Java SE software so badly it must publish a grovelling letter prominently on its website for the next two years.
Since Oracle gobbled up Java along with Sun in 2010, its software updates for Java SE would only affect the latest version installed. If you had multiple versions of Java SE on your system, only the latest would be replaced when installing or upgrading to a new release – leaving the old and insecure copies of Java SE on the system for hackers and malware to exploit. Vulnerabilities lurking in the outdated installations can be abused to hijack computers, steal passwords, and so on.
Original Source: THE REGISTER