Oracle has released an update to Java 7 for Windows, Mac OS X, and Linux that patches security vulnerabilities. Oracle says the Java 7u7 (v1.7.0_07) update fixes security issues related to CVE-2012-4681 plus two other vulnerabilities.
Update: Looks like this “fix” isn’t a very good fix at all — a new vulnerability has been found.
According to the security bulletin Oracle released, this patch addresses the following:
These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user’s system.
Now, after reading the above, you must be thinking if this update patches the recently reported Java 7 bug. Seeing as Oracle’s security bulletin claims this update fixes a CVE-2012-4681 exploit and other vulnerabilities that relate to infections via the web browser, and Oracle gives credit to Adam Gowdiak of Security Explorations for the vulnerability alert, my educated guess is yes the Java 7u7 update does patch it. It took them four months but they finally got it done. However, regardless of what exactly is fixed it is always a good idea to keep your Java up-to-date because, as you can tell, there are many security vulnerabilities that you don’t want hanging around.
For those of you who prefer to stick to Java 6, Oracle also released a security update to Java 6 bringing the latest version of Java 6 to Java 6u35 (or Java v1.6.0_35).
Both Java 7u7 and Java 6u35 can be installed via Java’s built-in automatic updater or you can manually grab them from Oracle’s website — check out the link below.