Oracle has issued an emergency patch for a Java vulnerability that can cause systems to hang and that can be exploited by remote attackers without authentication.

The bug causes the Java runtime environment to hang when converting “2.2250738585072012e-308” to a binary floating-point number, according to the alert.

“Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete Denial of Service) of the Java Runtime Environment,” Oracle said. “Java based application and web servers are especially at risk from this vulnerability.”

A number of products are affected by the bug, including Java SE and Java for Business. A full list and links to recommended patches have been posted on Oracle’s website.

Oracle typically issues security patches for all affected products on a quarterly basis, although as in this case, it also releases fixes for bugs deemed too serious to wait for the next update.

The last quarterly update, which was posted in January, included more than 60 fixes. That doesn’t seem like enough given the number of acquisitions Oracle has made in recent years, one security expert said at the time.

“In the past, when Oracle had far fewer products, they would patch 100 database vulnerabilities at a time. One would assume that more products require more fixes, yet we are seeing smaller patches with fewer fixes for more products,” wrote Amichai Shulman, CTO of security firm Imperva, in a blog post.

Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service.
Chris’s e-mail address is Chris_Kanaracus@idg.com
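For teams checking whether the value named in the alert has reached a Java-based server, the following is an added example, not code from Oracle or from the article: a log scanner that flags numeric tokens equal to that value. The sample log lines are constructed, and the script assumes the input is already URL-decoded and that any decimal spelling numerically equal to the alert's value is worth flagging.

```python
import re
from decimal import Decimal, InvalidOperation

# The decimal value named in Oracle's alert, as quoted in the article.
TRIGGER = Decimal("2.2250738585072012e-308")

# Unsigned decimal literal: digits with optional fraction and optional exponent.
NUMBER_RE = re.compile(r"(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?")


def is_trigger(token):
    """True if token is a decimal spelling numerically equal to TRIGGER."""
    try:
        # Decimal() parses the string exactly (no rounding), so a padded or
        # exponent-shifted spelling compares equal to the canonical one.
        return Decimal(token) == TRIGGER
    except InvalidOperation:
        return False


def flag_lines(lines):
    """Return (line_number, token) for each numeric token equal to TRIGGER."""
    hits = []
    for number, line in enumerate(lines, 1):
        for token in NUMBER_RE.findall(line):
            if is_trigger(token):
                hits.append((number, token))
    return hits


# Constructed sample input (not real traffic); parameter name is hypothetical.
SAMPLE = [
    "GET /price?amount=19.99 HTTP/1.1",
    "GET /price?amount=2.2250738585072012e-308 HTTP/1.1",
    "GET /price?amount=0.00022250738585072012e-304 HTTP/1.1",
    "GET /price?amount=2.2250738585072014e-308 HTTP/1.1",
]

if __name__ == "__main__":
    for number, token in flag_lines(SAMPLE):
        print(f"line {number}: suspicious numeric token {token}")
```

A hit in historical logs is a reason to confirm that the affected runtime has received Oracle's patch; the scanner is a triage aid, not a substitute for it.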