Oracle Updates Java 7 to Address Security Vulnerability

java logo newOn Friday, we noted that Apple had taken the rare step of using its anti-malware tools in OS X to disable existing installations of the Java 7 browser plug-in due to a major security vulnerability that was being actively exploited in the wild. Apple's anti-malware system is capable of enforcing minimum version numbers for plug-ins such as Java and Flash, and Apple simply updated its blacklist information to require that machines be running a higher version of the Java 7 plug-in than was publicly available.

Oracle has now released Java 7 Update 11, and the release notes indicate that it does indeed address the vulnerability. The new release registers with a version string of 1.7.0_11-b21, satisfying Apple's requirement for a minimum version number of 1.7.0_10-b19.

In addition to the fix for the vulnerability, Java 7 Update 11 also sees a change in the default security level setting from "Medium" to "High". Under the new setting, users will be warned before the Java plug-in runs any unsigned application.

The default security level for Java applets and web start applications has been increased from "Medium" to "High". This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the "High" setting the user is always warned before any unsigned application is run to prevent silent exploitation.

Top Rated Comments

iMikeT Avatar
105 months ago

Why is it so often Java that appears to get caught out in these security vulnerabilities? :confused:



Like Windows, it's widely used. It's about making the most amount of damage to the most amount of users.
Score: 6 Votes (Like | Disagree)
RMo Avatar
105 months ago

Sorry foe the dumb question...I have "Enable Java" UNCHECKED in Safari Preferences, and intend to leave it that way.

Should I download the Java Update anyway?:confused:

Thanks...

Yes. You should either do that or uninstall Java completely, but there's no sense in leaving outdated, vulnerable, exploited-in-the-wild software on your machine, even if you have no plans to use it right now. (What if you try another browser in the future and forget about this?)

No, it can't access your system if you don't use it or even have it enabled.

Unchecking a preference in Safari does not mean it is "disabled" on your entire system. Leave it unchecked if you want, but at least fix the problem (or get rid of it).
Score: 6 Votes (Like | Disagree)
hamkor04 Avatar
105 months ago
"Medium" to "High" isn't it awesome?
Score: 5 Votes (Like | Disagree)
HiRez Avatar
105 months ago
When are they just going to kill this pig once and for all? Java on personal or mobile computers is simply not needed today, there are better alternatives. If they want to keep it running for enterprise, fine, but stop subjecting us to this bloated, archaic, insecure monstrosity.
Score: 3 Votes (Like | Disagree)
SLFGNR8 Avatar
105 months ago
Perplexed and need some help

Why am I experiencing the below:

[LIST=1]
* I have Mountain Lion 10.8.2.
* There is no Java in my System Preferences.
* There is no Java app in my Utilities.
* Only references to Java I can find are in my CS6 Suite app folders, allowing custom javascripts.
* Yet when I uncheck "enable java" and "enable java-script" in Safari, there are some websites, like cloud based email services that won't work until I turn them on. When java is enabled via the browsers those sites work fine.
* Even when enabled the http://javatester.org/version.html website says I have a missing plug-in when checking via Safari or with Firefox.
* My Terminal says: java version "1.6.0_37" Java(TM) SE Runtime Environment (build 1.6.0_37-b06-434-11M3909) Java HotSpot(TM) 64-Bit Server VM (build 20.12-b01-434, mixed mode)


It appears that the Oracle "fix" installs the full version of Java, which I currently don't have or need.

WHAT SHOULD MY COURSE OF ACTION BE?
Score: 2 Votes (Like | Disagree)
clukas Avatar
105 months ago
could someone please clarify this for me.

I dont have java in system preferences. I know I am running java as I am using Adobe CS6. I have disabled java in safari.

Am I still at risk, how should I update?
Score: 2 Votes (Like | Disagree)

Top Stories

lg wing

LG Considering Exit From Smartphone Business, Halts LCD Production for iPhone

Wednesday January 20, 2021 5:38 am PST by
LG is considering exiting the smartphone business entirely amid declining shipments and accrued losses of $4.5 billion over the past five years (via The Korea Herald). LG CEO Kwon Bong-Seok cautioned staff earlier today that the company is re-evaluating its presence in the smartphone industry: Since the competition in the global market for mobile devices is getting fiercer, it is about...
2019 mac pro side and front

Tim Cook Gifted Donald Trump 'First' 2019 Mac Pro

Wednesday January 20, 2021 5:45 pm PST by
Apple CEO Tim Cook gifted former United States President Donald Trump with the first 2019 Mac Pro that came off of the assembly line in Austin, Texas, according to a financial disclosure report that was released today (via The Verge). "Mac Pro Computer, the first created at the Flex Factory in Austin, Texas," reads the entry, which values the machine at $5,999, the base price for a Mac Pro....
Apple VR Feature

Bloomberg: Apple's First AR/VR Headset 'Pricey, Niche Precursor' to More Ambitious AR Glasses and Could Launch Next Year

Thursday January 21, 2021 3:27 am PST by
Apple's first virtual reality headset will be a "pricey, niche precursor" to a more ambitious augmented reality product, according to a new report from Bloomberg's Mark Gurman. As a mostly virtual reality device, it will display an all-encompassing 3-D digital environment for gaming, watching video and communicating. AR functionality, the ability to overlay images and information over a view...
Flat MacBook Air Feature

Bloomberg: Apple Working on 'Thinner and Lighter' High-End MacBook Air With MagSafe, Could Launch in Second Half of 2021

Friday January 22, 2021 3:34 am PST by
Apple is working on a "thinner and lighter" version of the MacBook Air that the company plans to release during the second half of this year at the earliest or in 2022, according to a new report by well-connected Bloomberg journalist Mark Gurman. It will include Apple's MagSafe charging technology and a next-generation version of the company's in-house Mac processors. Apple has discussed...
iOS 15 icon mock banner

iOS 15 Rumored to Drop Support for iPhone 6s and 2016 iPhone SE

Thursday January 21, 2021 11:58 am PST by
Apple's upcoming iOS 15 operating system, which we expect to see unveiled in June, is rumored to be dropping support for a few of Apple's older iPhones. According to French site iPhoneSoft, iOS 15 will not be able to be installed on the iPhone 6s, the iPhone 6s Plus, or the 2016 iPhone SE, all of which have an A9 chip. The iPhone 6s and 6s Plus were introduced in 2015 and are now more...
iphone 12 vs iphone 12 mini

Apple Shifting Some Production From iPhone 12 mini to iPhone 12 Pro to Meet Demand

Wednesday January 20, 2021 8:12 am PST by
Apple has reportedly cut production of the iPhone 12 mini by two million units to create more manufacturing capacity for the iPhone 12 Pro, according to a new Morgan Stanley investment note seen by PED30. Apple is believed to have made the switch for the first quarter of 2021 in an effort to combat continuing lead times for the more popular iPhone 12 Pro. iPhone 12 Pro lead times remain ...
iPhone 13 Notch Feature

iPhone 13 Rumored to Feature Smaller Notch, Pro Model Cameras to Use Larger Image Sensor

Thursday January 21, 2021 1:38 am PST by
Apple's iPhone 13 series will feature a redesigned Face ID system that will allow for a smaller notch at the top of the screen, according to a new report today. The rumor comes via hit-and-miss Taiwanese industry publication DigiTimes, whose supply chain sources also claim that the ultra wide-angle lens in Apple's next-generation iPhones is due for an upgrade. The next-generation iPhones'...
maxresdefault

Video Demos macOS Catalina Running on iPad Pro via x86 Emulation

Thursday January 21, 2021 11:36 am PST by
A video demonstrating macOS Catalina running on a current 2020 iPad Pro has been shared on YouTube, giving us a look at an interesting hack that has a Mac OS up and working on one of Apple's iPads. There's limited information about how the process of getting macOS Catalina on an iPad Pro works, but it uses x86 emulation and was done through the UTM software that allows virtual machines to...
iOS 14

Apple Seeds iOS 14.4 and iPadOS 14.4 Release Candidate to Developers and Public Beta Testers

Thursday January 21, 2021 10:14 am PST by
Apple today seeded the RC version of upcoming iOS 14.4 and iPadOS 14.4 updates to developers for testing purposes, with the new betas coming a week after Apple released the second betas. iOS 14.4 and iPadOS 14.4 can be downloaded through the Apple Developer Center or over the air after the proper profile has been installed on an iPhone or iPad. Paired with the HomePod 14.4 beta that is...
iPhone OIS Feature2

Sensor-Shift Camera Stabilization Rumored to Expand to Entire iPhone 13 Lineup

Wednesday January 20, 2021 7:46 am PST by
The entire iPhone 13 lineup will feature sensor-shift optical image stabilization, compared to only the iPhone 12 Pro Max among current models, according to a brief story preview shared today by Taiwanese publication DigiTimes. "Apple's next-generation iPhones slated for launch in the second half of 2021 will all come with sensor-shift stabilization technology, according to industry...