Oracles releases patch to fix Java exploits, update to Java 7u7 or Java 6u35 to stay safe

Oracle has released an update to Java 7 for Windows, Mac OS X, and Linux that patches security vulnerabilities. Oracle says the Java 7u7 (v1.7.0_07) update fixes security issues related to CVE-2012-4681 plus two other vulnerabilities.

Update: Looks like this “fix” isn’t a very good fix at all — a new vulnerability has been found.

According to the security bulletin Oracle released, this patch addresses the following:

These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user’s system.

Now, after reading the above, you must be thinking if this update patches the recently reported Java 7 bug. Seeing as Oracle’s security bulletin claims this update fixes a CVE-2012-4681 exploit and other vulnerabilities that relate to infections via the web browser, and Oracle gives credit to Adam Gowdiak of Security Explorations for the vulnerability alert, my educated guess is yes the Java 7u7 update does patch it. It took them four months but they finally got it done. However, regardless of what exactly is fixed it is always a good idea to keep your Java up-to-date because, as you can tell, there are many security vulnerabilities that you don’t want hanging around.

For those of you who prefer to stick to Java 6, Oracle also released a security update to Java 6 bringing the latest version of Java 6 to Java 6u35 (or Java v1.6.0_35).

Both Java 7u7 and Java 6u35 can be installed via Java’s built-in automatic updater or you can manually grab them from Oracle’s website — check out the link below.

Java download page

[Thanks Grantwhy!]

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

13 comments

  1. prescription glasses cheap

    I was recommended this website by my cousin. I’m not sure whether this post is written by him as no one else know such detailed about my problem. You’re wonderful!
    Thanks!

  2. Janet

    @Ashraf:

    If you have a 64 bit system but a 32 bit browser, you need the 32 bit Java!!!

    Many websites do not work on 64 bit browsers, so it is recommended to use a 32 bit browser as default. I don’t know if Chrome and/or FF have both and automatically decide for you which browser to use for which site, but with IE8 you should use the 32 bit version as your default, because many sites are not built for 64 bit and will not work on the 64 bit IE8. Windows 7 gives you both 32 and 64 bit IE, but makes 32 bit IE the default.

    So the Java needs to match your browser, not your OS! I read this on the Java site.