Monday, January 14, 2013

Oracle Releases Java 7 Update 11 to Address Major Security Vulnerabilities

Oracle has released Java 7 Update 11 to fix major vulnerabilities!


Java SE 7 Update 11 Released

Oracle has released Java SE 7 Update 11, containing important security fixes. See Oracle Security Alert CVE-2013-0422 to learn more. Oracle strongly recommends that all Java SE 7 users upgrade to this release. Read the Release Notes for additional details about this release. Download Java SE 7 update 11.
A user may control, via the Java Control Panel, the level of security that will be used when running unsigned (also called "untrusted" or "sandboxed") Java apps in a browser. The user may select from five levels of security. See the "Setting the Security Level of the Java Client" documentation to see what the settings do and how users can tighten security. You can also read Henrik Stahl's blog Oracle JDK 7u10 Released with New Security Features.
Because this is an out-of-schedule release remediating security vulnerabilities, going forward Oracle will increment the release number for all subsequent Java 7 releases by two numbers in order to continue having CPUs as odd numbers and limited updates as even numbers. For example, for the next Java CPU release, scheduled for Feb 19, 2013, the JDK 7 release version will be renamed to Java SE 7u13.
The major portion of this fix is to change the default security setting from medium to high. This means that Java doesn't automatically run unsigned applets, effectively blocking drive-by exploitation of Java vulnerabilities.
At this time, if you need Java for a program to run, you can install the update, but make sure you have uninstalled all prior versions first.
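
One way to check machines against the advice above, as an added example that is not from the original post or from Oracle: it reads the `java -version` line of every JRE found on a host and flags hosts that still need Update 11 or that kept an older Java 7 install beside it. The host names, status labels and sample version lines are constructed, and collecting the version lines from each host is assumed to be done elsewhere.

```python
import re

# Matches the first line of `java -version` output, e.g.
#   java version "1.7.0_10"
VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?(?:-[\w.]+)?"')

FIXED_UPDATE = 11  # Java SE 7 Update 11, the release this post announces


def parse_java_version(line):
    """Return (major, update) from a `java -version` line, or None."""
    m = VERSION_RE.search(line)
    if not m:
        return None
    # A version with no "_NN" suffix is the initial release, i.e. update 0.
    return int(m.group(1)), int(m.group(2) or 0)


def audit_host(version_lines):
    """Classify one host from the version lines of every JRE found on it."""
    parsed = [v for v in map(parse_java_version, version_lines) if v]
    java7 = [update for major, update in parsed if major == 7]
    if not java7:
        return "no-java7"            # nothing for this particular check to do
    if max(java7) < FIXED_UPDATE:
        return "needs-update"        # newest Java 7 on the host predates 7u11
    if min(java7) < FIXED_UPDATE:
        return "stale-install-left"  # 7u11 present, but a prior version remains
    return "ok"


def audit(inventory):
    """Map each host name to its status label."""
    return {host: audit_host(lines) for host, lines in inventory.items()}


# Constructed sample inventory: host name -> version lines gathered from it.
INVENTORY = {
    "ws-01": ['java version "1.7.0_10"'],
    "ws-02": ['java version "1.7.0_11"', 'java version "1.7.0_09"'],
    "ws-03": ['java version "1.7.0_11"'],
    "ws-04": ['java version "1.6.0_38"'],
    "ws-05": ['java version "1.7.0"', "not a version line"],
}

if __name__ == "__main__":
    for host, status in sorted(audit(INVENTORY).items()):
        print(host, status)
```
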