Oracle Updates Java 7 to Address Security Vulnerability
On Friday, we noted that Apple had taken the rare step of using its anti-malware tools in OS X to disable existing installations of the Java 7 browser plug-in due to a major security vulnerability that was being actively exploited in the wild. Apple's anti-malware system is capable of enforcing minimum version numbers for plug-ins such as Java and Flash, and Apple simply updated its blacklist information to require that machines be running a higher version of the Java 7 plug-in than was publicly available.
Oracle has now released Java 7 Update 11, and the release notes indicate that it does indeed address the vulnerability. The new release registers with a version string of 1.7.0_11-b21, satisfying Apple's requirement for a minimum version number of 1.7.0_10-b19.
In addition to the fix for the vulnerability, Java 7 Update 11 also sees a change in the default security level setting from "Medium" to "High". Under the new setting, users will be warned before the Java plug-in runs any unsigned application.
The default security level for Java applets and web start applications has been increased from "Medium" to "High". This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the "High" setting the user is always warned before any unsigned application is run to prevent silent exploitation.
Popular Stories
Apple today released iOS 16.0.2, addressing a number of bugs that iPhone 14 owners have been experiencing since the new devices launched. iOS 16.0.2 comes two weeks after the launch of iOS 16, and it follows iOS 16.0.1, an update made available to iPhone 14 owners on launch day. The update is available for all iPhones that are capable of running iOS 16.
The iOS 16.0.2 update can be...
Wednesday September 21, 2022 7:49 am PDT by
Juli CloverApple on Friday released the new iPhone 14 models, and MacRumors videographer Dan picked one up on launch day. He's been using the iPhone 14 Pro Max non-stop since it came out, and over on the MacRumors YouTube channel, has shared his initial thoughts on the day-to-day experience with the latest iPhone.
Subscribe to the MacRumors YouTube channel for more videos. Dan's mini review highlights...
Wednesday September 21, 2022 1:36 am PDT by
Sami FathiRumors suggest Apple will announce new 11-inch and 12.9-inch iPad Pro models as soon as next month. The new iPads will be the first update to the iPad Pro series since April 2021 and will be an overall incremental upgrade that brings new capabilities and functionality to the highest-end iPad.
According to reports, Apple is planning an event for October to announce the new iPad Pro models, a...
Wednesday September 21, 2022 4:25 am PDT by
Sami FathiIt's been nine days since Apple released iOS 16 to the public, bringing major changes to the Lock Screen, Messages, Maps, and more. In the days following the release, some users have encountered several issues on their iPhones, ranging from slow system performance to battery drain.
In the past few days, iPhone 14 Pro users have shared specific bugs related to Apple's latest high-end iPhones, ...
Thursday September 22, 2022 7:57 am PDT by
Sami FathiA copycat version of the iPhone 14 Pro's Dynamic Island has arrived on Android's Google Play Store in the form of an app called "dynamicSpot."
The app, still in beta, offers customers several different experiences at the top of their smartphones. In its current form, dynamicSpot offers playback control for songs, timers, battery status, and more features coming soon, according to the app's...
Thursday September 22, 2022 5:12 am PDT by
Sami FathiMeta is facing a new proposed class action lawsuit that accuses it of tracking and collecting the personal data of iPhone users, despite features and policies made by Apple which are meant to stop that same type of tracking.
In August, it was revealed that with the Facebook and Instagram apps, Meta can track all of a user's key taps, keyboard inputs, and more, when using the in-app browser....
Wednesday September 21, 2022 2:03 pm PDT by
Juli CloverWith millions of devices shipping out to customers with every Apple launch, there's occasionally someone who gets lucky and gets a new product ahead of schedule. This time around, Redditor playalisticadillac received an Apple Watch Ultra from AT&T two days before the official debut, sharing some images on the social media site.
The images include an unboxing and comparisons to the...
Apple today explained why the new silicone ear tips for the second-generation AirPods Pro are not officially compatible with the original AirPods Pro. In an updated support document, Apple said the original AirPods Pro ear tips have "noticeably denser mesh" than the second-generation ear tips. Apple did not provide any additional details, but the mesh density could result in acoustical...
Top Rated Comments
Like Windows, it's widely used. It's about making the most amount of damage to the most amount of users.
Unchecking a preference in Safari does not mean it is "disabled" on your entire system. Leave it unchecked if you want, but at least fix the problem (or get rid of it).
Why am I experiencing the below:
[LIST=1]
* I have Mountain Lion 10.8.2.
* There is no Java in my System Preferences.
* There is no Java app in my Utilities.
* Only references to Java I can find are in my CS6 Suite app folders, allowing custom javascripts.
* Yet when I uncheck "enable java" and "enable java-script" in Safari, there are some websites, like cloud based email services that won't work until I turn them on. When java is enabled via the browsers those sites work fine.
* Even when enabled the http://javatester.org/version.html website says I have a missing plug-in when checking via Safari or with Firefox.
* My Terminal says: java version "1.6.0_37" Java(TM) SE Runtime Environment (build 1.6.0_37-b06-434-11M3909) Java HotSpot(TM) 64-Bit Server VM (build 20.12-b01-434, mixed mode)
It appears that the Oracle "fix" installs the full version of Java, which I currently don't have or need.
WHAT SHOULD MY COURSE OF ACTION BE?
I dont have java in system preferences. I know I am running java as I am using Adobe CS6. I have disabled java in safari.
Am I still at risk, how should I update?