Java SE 7u7 Update Resolves Recent Security Issue
Oracle has released a security patch for the recently discussed Java 7 vulnerability that had potential to run malicious code on a targeted computer. If you had previously installed Java SE 7 in OS X Mountain Lion or Lion you can download the new SE 7u7 update directly from Oracle:
If you had a potentially vulnerable version of Java and you disabled the runtime, install the update and you will be safe to re-enable Java either system wide or in your browser of choice. For users that never installed Java or who want to leave it disabled, you don’t need to worry about any of this.
Heads up to MacRumors for noticing this first
Just when you thought you were home and dry:
http://arstechnica.com/security/2012/08/critical-bug-discovered-in-newest-java/
–> Because a NEW zero-day security hole has been discovered, there is now NO SAFE VERSION of JAVA available that I know of. That is likely to include Java “6”, v1.6 Update 35, although verification is required. Therefore, either TURN IT OFF or uninstall it, if you bothered to install it at all. It can be turned off via the Java Preferences app found in your Utilities folder. UNcheck it under the ‘General’ tab.
Here is another article about the subject:
http://www.theregister.co.uk/2012/08/31/critical_flaw_found_in_patched_java/
To quote:
“Security Explorations, the Polish security startup that discovered the Java SE 7 vulnerabilities that have been the targets of recent web-based exploits, has spotted a new flaw that affects the patched version of Java released this Thursday….
“Security Explorations founder and CEO Adam Gowdiak was able to confirm that the defect does affect Java SE 7 Update 7, which Oracle released this week as a rare out-of-band patch….
“As in the case of the earlier vulnerabilities, Gowdiak says, this flaw allows an attacker to bypass the Java security sandbox completely, making it possible to install malware or execute malicious code on affected systems.
“Unlike the earlier vulnerabilities, no known exploit of the new flaw has yet been found in the wild, but Gowdiak says he included proof-of-concept code with the report to demonstrate that an exploit is indeed possible….
“For the time being, given the apparent similarity of this flaw to the ones previously reported, users are advised to either disable Java in their browsers or uninstall it completely to avoid falling prey to any future exploits.”
If one is content with using Oracle’s java distribution is there a way to remove Apple’s?
You linked the JDK instead of the JRE (http://www.java.com/en/download/manual.jsp)
Oracle sucks!
They knew about 19 fails in Java 1.7 from April…
And from this date they have corrected only 3…
They are just bandit!
Oracle knew this vulnerability since one or two months allready , for today purpose the “Solution”, ok, it’s better then nothing….but good to know they knew the prob’ since long time, & without doing nothing…..how many ppl be affected by this, since them wake up ?
In all cases, JAVA not serv many ppl today…so, not an big deal…