Oracle has reacted to the recent discovery of a critical security issue in Java.
Java 7 Update 11 patches the vulnerability, as well as a second severe security problem. Oracle said that it "strongly recommends that all Java SE 7 users upgrade to this [new] release".
Oracle confirmed that the vulnerabilities "may be remotely exploitable without authentication". An attacker would not need for a username and password to exploit the issue, but an "unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages these vulnerabilities."
Oracle noted that users who reacted to the vulnerability by disabling Java, will have to still re-enable Java manually following the installation of the patch. Among others, the U.S. government had recommended users of Java 7 Update 10 and before to disable Java. However, at least one security researcher does not believe that Oracle has done enough to enable Java again.
"We don't dare to tell users that it's safe to enable Java again," Adam Gowdiak, a researcher with Poland's Security Explorations, told Reuters. According to Gowdiak, the update does not address several other vulnerabilities.
The issue as well an exploit were first discovered by @kafeine last Friday.