Oracle Patches Critical Flaw in Java
Oracle has reacted to the recent discovery of a critical security issue in Java.
Java 7 Update 11 patches the vulnerability, as well as a second severe security problem. Oracle said that it "strongly recommends that all Java SE 7 users upgrade to this [new] release".
Oracle confirmed that the vulnerabilities "may be remotely exploitable without authentication". An attacker would not need for a username and password to exploit the issue, but an "unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages these vulnerabilities."
Oracle noted that users who reacted to the vulnerability by disabling Java, will have to still re-enable Java manually following the installation of the patch. Among others, the U.S. government had recommended users of Java 7 Update 10 and before to disable Java. However, at least one security researcher does not believe that Oracle has done enough to enable Java again.
"We don't dare to tell users that it's safe to enable Java again," Adam Gowdiak, a researcher with Poland's Security Explorations, told Reuters. According to Gowdiak, the update does not address several other vulnerabilities.
The issue as well an exploit were first discovered by @kafeine last Friday.
Control Panel>Java (32-bit)>Update>Update now
Could it make any damage on a Windows 8 x64, Opera x64, Oracle x64 plug-in? Which was only used now and then?
2:50 PM - January 14, 2013 by Wolfgang Gruener - source: Oracle
http://lmgtfy.com/?q=latest+version+of+java
Java allows programs to be ported across many OSes or platforms with minimal efforts, thus decreasing bugs and project costs.
However, I do not like Oracle's efforts at making Java secure.
The web browser deals with JavaScript which is different than an an application developed using the Java programming language and requires the JRE to be able to run it.
We cannot upgrade it, because we do not produce the base components our flavor of this software runs on.
We have no choice but to leave ourselves unsecured; disabling 6 is out of the question.