Oracle's April 2014 Critical Patch Update has been released, and solves a total of 104 vulnerabilities found across many of its products, including Oracle Database, Oracle Fusion Middleware, Oracle Hyperion, Oracle Supply Chain Product Suite, Oracle iLearning, Oracle PeopleSoft Enterprise, Oracle Siebel CRM, Oracle Java SE, Oracle and Sun Systems Products Suite, Oracle Linux and Virtualization, and Oracle MySQL.
Polish security start-up Security Explorations has publicly released technical details and Proof-of-Concept code for 30 security vulnerabilities they found in Oracle Java Cloud Service, which allows customers to deploy their Java applications on WebLogic server clusters.
Oracle has released Java Standard Edition (SE) 8, Java Development Kit (JDK) 8, and Java Runtime Environment (JRE) 8.
The story here is that Oracle has synced up their Java patching with the rest of their patching cycle and, when it comes to vulnerabilities, Java always steals the show.
As predicted at the end of 2012 and proved by the ever expanding use of exploit kits, vulnerabilities in popular and widespread software such as Java and Adobe's Acrobat Reader and Flash top the list of the most exploited by cyber crooks.