Oracle releases patch to fix Java exploits, update to Java 7u7 or Java 6u35 to stay safe

Oracle has released an update to Java 7 for Windows, Mac OS X, and Linux that patches security vulnerabilities. Oracle says the Java 7u7 (v1.7.0_07) update fixes security issues related to CVE-2012-4681 plus two other vulnerabilities.

Update: Looks like this “fix” isn’t a very good fix at all — a new vulnerability has been found.

According to the security bulletin Oracle released, this patch addresses the following:

These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user’s system.

Now, after reading the above, you must be wondering whether this update patches the recently reported Java 7 bug. Seeing as Oracle’s security bulletin claims this update fixes a CVE-2012-4681 exploit and other vulnerabilities that relate to infections via the web browser, and Oracle gives credit to Adam Gowdiak of Security Explorations for the vulnerability alert, my educated guess is yes, the Java 7u7 update does patch it. It took them four months, but they finally got it done. However, regardless of what exactly is fixed, it is always a good idea to keep your Java up-to-date because, as you can tell, there are many security vulnerabilities that you don’t want hanging around.

For those of you who prefer to stick to Java 6, Oracle also released a security update to Java 6 bringing the latest version of Java 6 to Java 6u35 (or Java v1.6.0_35).

Both Java 7u7 and Java 6u35 can be installed via Java’s built-in automatic updater or you can manually grab them from Oracle’s website — check out the link below.

Java download page
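To confirm which update level a machine is actually running, the following added example (not part of the original post or Oracle's tooling) parses the banner printed by `java -version` and compares it with the two update levels named above. The function names and sample banners are constructed for illustration; a "patched" result only means 7u7 or 6u35 or later is installed.

```python
import re
import subprocess

# Minimum update level per Java family, taken from the article:
# Java 7u7 (1.7.0_07) and Java 6u35 (1.6.0_35).
PATCHED_UPDATE = {7: 7, 6: 35}

# Matches the banner line of `java -version`, e.g.: java version "1.7.0_06"
VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?')


def parse_java_version(text):
    """Return (family, update) from `java -version` output, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    # A banner without "_NN" (e.g. "1.7.0") is the initial release: update 0.
    return int(m.group(1)), int(m.group(2) or 0)


def check(text):
    """Classify version output as 'patched', 'outdated' or 'unknown'."""
    parsed = parse_java_version(text)
    if parsed is None or parsed[0] not in PATCHED_UPDATE:
        return "unknown"  # no Java found, or a family the article does not cover
    family, update = parsed
    return "patched" if update >= PATCHED_UPDATE[family] else "outdated"


def installed_java_output():
    """Run `java -version`; the JVM prints its version banner on stderr."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True,
                              text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return ""
    return proc.stderr + proc.stdout


if __name__ == "__main__":
    # Constructed sample banners, not captured from a real machine.
    for banner in ('java version "1.7.0_06"', 'java version "1.7.0_07"',
                   'java version "1.6.0_33"', 'java version "1.6.0_35"'):
        print(banner, "->", check(banner))
    print("this machine ->", check(installed_java_output()))
```

The check covers only the `java` found first on the PATH; a system with separate 32-bit and 64-bit installs needs each one checked.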

[Thanks Grantwhy!]


  • I was recommended this website by my cousin. I’m not sure whether this post is written by him, as no one else knows such detail about my problem. You’re wonderful!

  • Suze

    @AFPhys: You’re welcome, AFPhys. Maybe by the time you *need* v7, these issues with both v6 and v7 will be resolved. Let’s hope so :)

  • AFPhys


    Thanks for your reply, Suze. I have not discovered a reason yet, and if I do run into a warning that V7 is needed, I am likely to decide that I will just live without the new bells and whistles.

  • Suze

    @AFPhys: The only good reason that I know of is when a program you want to run requires Java 7 in order to run. This is what happened to me, and it was the only reason I “upgraded” from Java 6 to Java 7 . . .

  • Janet


    If you have a 64 bit system but a 32 bit browser, you need the 32 bit Java!!!

    Many websites do not work on 64 bit browsers, so it is recommended to use a 32 bit browser as default. I don’t know if Chrome and/or FF have both and automatically decide for you which browser to use for which site, but with IE8 you should use the 32 bit version as your default, because many sites are not built for 64 bit and will not work on the 64 bit IE8. Windows 7 gives you both 32 and 64 bit IE, but makes 32 bit IE the default.

    So the Java needs to match your browser, not your OS! I read this on the Java site.

  • anemailname

    Thanks for the heads up!

  • kelltic

    Big thanks for the original warning and the update! What would we do without you?

  • AFPhys

    Now that this vulnerability is patched, that begs the question:

    Is there any good reason to upgrade from Java 6 to Java 7?

  • BarrysCool

    Go to and below the button that says “Free Java Download” click on — Do I have Java —
    This will test your system and automatically install the right version.
    Hope this is of some help.

  • Ashraf

    @BarrysCool: You are welcome!
    @Aditya: Go to -> Find Java 7u7 -> Accept license agreement -> Click on your operating system.

  • Aditya

    There are so many download links. Which one is the update patch???

  • BarrysCool

    Thanks for this timely tip, I needed this update.