Oracle Patches Critical Flaw in Java

 Java 7 Update 11 patches the vulnerability, as well as a second severe security problem. Oracle said that it "strongly recommends that all Java SE 7 users upgrade to this [new] release".

Oracle confirmed that the vulnerabilities "may be remotely exploitable without authentication". An attacker would not need for a username and password to exploit the issue, but an "unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages these vulnerabilities."

Oracle noted that users who reacted to the vulnerability by disabling Java, will have to still re-enable Java manually following the installation of the patch. Among others, the U.S. government had recommended users of Java 7 Update 10 and before to disable Java. However, at least one security researcher does not believe that Oracle has done enough to enable Java again.

"We don't dare to tell users that it's safe to enable Java again," Adam Gowdiak, a researcher with Poland's Security Explorations, told Reuters. According to Gowdiak, the update does not address several other vulnerabilities.

The issue as well an exploit were first discovered by @kafeine last Friday.

Contact Us for News Tips, Corrections and Feedback

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
13 comments
    Your comment
    Top Comments
  • What they also need to fix is to stop trying to install the Ask.com toolbar on my PC.
    21
  • Other Comments
  • A link to download would be great...
    1
  • Well great! I must use Java for my work. I teach remotely over the internet for a large online education company. That is almost 600 teachers and around 100,000 students. They use Blackboard Collaborate. It is Java based and launches it's own window outside the browser. I can't imagine how many other platforms require Java on a daily basis but Oracle needs to make sure it is secure.
    2