Skip to Content

Oracle Updates Java 7 to Address Security Vulnerability

by

java logo newOn Friday, we noted that Apple had taken the rare step of using its anti-malware tools in OS X to disable existing installations of the Java 7 browser plug-in due to a major security vulnerability that was being actively exploited in the wild. Apple's anti-malware system is capable of enforcing minimum version numbers for plug-ins such as Java and Flash, and Apple simply updated its blacklist information to require that machines be running a higher version of the Java 7 plug-in than was publicly available.

Oracle has now released Java 7 Update 11, and the release notes indicate that it does indeed address the vulnerability. The new release registers with a version string of 1.7.0_11-b21, satisfying Apple's requirement for a minimum version number of 1.7.0_10-b19.

In addition to the fix for the vulnerability, Java 7 Update 11 also sees a change in the default security level setting from "Medium" to "High". Under the new setting, users will be warned before the Java plug-in runs any unsigned application.

The default security level for Java applets and web start applications has been increased from "Medium" to "High". This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the "High" setting the user is always warned before any unsigned application is run to prevent silent exploitation.

Popular Stories

Multicolored Low Cost A18 Pro MacBook Feature

Apple Accidentally Leaks 'MacBook Neo'

Tuesday March 3, 2026 7:00 am PST by
Apple appears to have prematurely revealed the name of its rumored lower-cost MacBook model, which is expected to be announced this Wednesday. A regulatory document for a "MacBook Neo" (Model A3404) has appeared on Apple's website. Unfortunately, there are no further details or images available yet. While the PDF file does not contain the "MacBook Neo" name, it briefly appeared in a link...
Read Full Article306 comments
imac video apple feature

Apple Unveils Two New Products

Monday March 2, 2026 7:49 am PST by
Apple today introduced two new devices, including the iPhone 17e and an updated iPad Air. iPhone 17e features the same overall design as the iPhone 16e, but it gains Apple's A19 chip, MagSafe for magnetic wireless charging and magnetic accessories, Apple's second-generation C1X modem for faster 5G, and a doubled 256GB of base storage. In the U.S., the iPhone 17e starts at $599, just like the ...
Read Full Article
Apple iPhone 17e feature

Apple Announces iPhone 17e With A19 Chip, MagSafe, and More

Monday March 2, 2026 6:07 am PST by
Apple today announced the iPhone 17e, featuring the A19 chip, MagSafe connectivity, faster charging, and more. The iPhone 17e contains the A19 chip introduced in iPhone 17. It features a 6-core GPU and a 4-core GPU. Apple pointed out that this makes it up to 2x faster than the iPhone 11. The new 16-core Neural Engine is optimized for large generative models. The iPhone 17e also contains...
Read Full Article234 comments

Top Rated Comments

I
iMikeT
171 months ago
Why is it so often Java that appears to get caught out in these security vulnerabilities? :confused:


Like Windows, it's widely used. It's about making the most amount of damage to the most amount of users.
Score: 6 Votes (Like | Disagree)
R
RMo
171 months ago
Sorry foe the dumb question...I have "Enable Java" UNCHECKED in Safari Preferences, and intend to leave it that way.

Should I download the Java Update anyway?:confused:

Thanks...
Yes. You should either do that or uninstall Java completely, but there's no sense in leaving outdated, vulnerable, exploited-in-the-wild software on your machine, even if you have no plans to use it right now. (What if you try another browser in the future and forget about this?)

No, it can't access your system if you don't use it or even have it enabled.
Unchecking a preference in Safari does not mean it is "disabled" on your entire system. Leave it unchecked if you want, but at least fix the problem (or get rid of it).
Score: 6 Votes (Like | Disagree)
H
hamkor04
171 months ago
"Medium" to "High" isn't it awesome?
Score: 5 Votes (Like | Disagree)
HiRez Avatar
HiRez
171 months ago
When are they just going to kill this pig once and for all? Java on personal or mobile computers is simply not needed today, there are better alternatives. If they want to keep it running for enterprise, fine, but stop subjecting us to this bloated, archaic, insecure monstrosity.
Score: 3 Votes (Like | Disagree)
S
SLFGNR8
171 months ago
Perplexed and need some help

Why am I experiencing the below:

[LIST=1]
* I have Mountain Lion 10.8.2.
* There is no Java in my System Preferences.
* There is no Java app in my Utilities.
* Only references to Java I can find are in my CS6 Suite app folders, allowing custom javascripts.
* Yet when I uncheck "enable java" and "enable java-script" in Safari, there are some websites, like cloud based email services that won't work until I turn them on. When java is enabled via the browsers those sites work fine.
* Even when enabled the http://javatester.org/version.html website says I have a missing plug-in when checking via Safari or with Firefox.
* My Terminal says: java version "1.6.0_37" Java(TM) SE Runtime Environment (build 1.6.0_37-b06-434-11M3909) Java HotSpot(TM) 64-Bit Server VM (build 20.12-b01-434, mixed mode)


It appears that the Oracle "fix" installs the full version of Java, which I currently don't have or need.

WHAT SHOULD MY COURSE OF ACTION BE?
Score: 2 Votes (Like | Disagree)
clukas Avatar
clukas
171 months ago
could someone please clarify this for me.

I dont have java in system preferences. I know I am running java as I am using Adobe CS6. I have disabled java in safari.

Am I still at risk, how should I update?
Score: 2 Votes (Like | Disagree)
Read All Comments