Oracle Releases Java 7 Update 11, Patches Two Flaws

By Johnny Wills email: | Jan 14, 2013 05:07 PM EST

Share This Story

  • Print
  • Email

Oracle has released a software update, patching a security hole in Java that allowed cybercriminals to break into users' computers.

The emergency update released on Jan. 13 addresses the recently discovered flaw in the latest version of Java. The latest patch to Java 7 Update 11 counters CVE-2013-0422 flaw, along with an earlier CVE-2012-3174 remote code execution bug, dating back to June 2012.

Follow us

Java 7 Update 11 is available for downloads on Oracle's Web site.

Oracle also raised the default security level settings for Java from Medium to High. It will prevent drive-by-downloads as users will be prompted every time before running any unsigned Java applet or Web Start application.

"The default security level for Java applets and web start applications has been increased from 'Medium' to 'High'. This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the 'High' setting the user is always warned before any unsigned application is run to prevent silent exploitation," Oracle wrote in an advisory.

The critical vulnerability in Java 7, which was discovered last week, allows unauthenticated users to execute arbitrary code on a victim's machine. Hackers were using compromised Web sites as platforms for installing malicious programs, such as keyloggers and spywares.

At the time news broke, security advisors recommended users disable Java as a security measure against the flaw that received the maximum Common Vulnerability Scoring System (CVSS) score of 10.

Security researchers have uncovered the compromised Web sites, but it is unknown how many users were infected.

Oracle usually releases a security update to Java on a quarterly cycle; however, it had to release an out-of-band fix as the vulnerability was added to several popular exploit kits such as Blackhole and Cool EK, making it easier for hackers to take over machines. 

Get the Most Popular Mobile&Apps Stories in a Weekly Newsletter

© 2013 Mobile & Apps All rights reserved. Do not reproduce without permission.

Featured Video : Ericsson Announces World-Leading Launches Ahead of Mobile World Congress 2014

Join Our Conversation

Leaked image of the Amazon 3D smartphone in protective shell Amazon’s upcoming 3D smartphone leaks in first images, with more spec details
Google: All Glass spots claimed in Explorer Program after April 15 one-day sale following KitKat update
Samsung Galaxy S5 vs. HTC One M8, LG Google Nexus 5 & iPhone 5S in drop, slide, and dunk tests (VIDEO)
Microsoft Windows Phone 8.1 Developer Preview released – Get it now
Tablet / Laptop / PC
Dell Venue 7 and Venue 8Dell unveils Venue 7 and Venue 8 Android 4.3 Jelly Bean tablets
Retina iPad Mini facing delays, may not launch until early next year
Refurbished 128GB iPad with Retina Display now available on the Apple Online Store
Samsung Galaxy Note 10.1 – 2014 Edition: Pricing and availability now official
Amazon LogoAmazon reportedly to launch ‘Firetube’ set-top box before 2013 holidays
Samsung Galaxy Note 3 and Galaxy Gear India launch: Pricing and availability
Samsung Galaxy Gear Android smartwatch now up for pre-order in Canada
Samsung Galaxy Gear 2 reportedly in the works already, may debut at CES or MWC 2014
OS / Software
HTC LogoHTC reportedly considering Android/Windows Phone dual-booting smartphone as Microsoft pushes for deeper Windows mobile integration
iOS 7 Chrome Incognito mode leaks private searches due to bug
Sprint HTC One Android 4.3 Jelly Bean already rolling out, AT&T, T-Mobile & Verizon to follow
Microsoft Windows 8.1 now available for pre-order
Internet / Social Media
Google DowntimeGoogle blacks out for two minutes, causes 40 percent drop in world’s Internet traffic
Xbox Music web player is live and ready for Xbox Music Pass subscribers
Facebook Android app collected phone numbers even if users never logged in
Firefox 22 brings support for web video calls, 3D gaming, and Unreal Engine 3
What's App
Adobe Lightroom MobileAdobe Lightroom mobile hits the iPad, coming soon to iPhones
Apple updates Mac iWork for iCloud suite – What’s new in Pages, Numbers and Keynote?
Microsoft launches Office for iPad, makes Office Mobile free on Android and iPhones
Twitter adds photo tagging, multiple photo sharing to iPhone and Android apps
Copyright © 2014 Mobile & Apps All rights reserved. mobilenapps