Oracle Releases Java 7 Update With 50 Fixes To Address Security Flaws
Oracle has released an updated version of Java 7 to address vulnerabilities seen with the last build, one day after Apple blocked Java 7 web plug-ins on OS X.
The original Critical Patch Update for Java SE was scheduled to be released on February 19th, but the company decided to accelerate the release because of "active exploitation in the wild of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers," Oracle said.
The new release carries version number 1.7.0_13-b20, which meets Apple's requirement for a minimum of 1.7.0_11-b22. Update 13 for Java 7 and Update 39 for Java 6 fix over 50 issues.
"Oracle felt that, releasing this Critical Patch Update two weeks ahead of our intended schedule, instead of releasing a one-off fix through a Security Alert, would be more effective in helping preserve the security posture of Java customers," Oracle said.
Twenty-six of the 50 vulnerabilities are rated at the highest CVSS level (10.0) and two at 9.3. Almost all of the vulnerabilities can be exploited over the network without authentication; the exception is one that affects the installation process.
"This Critical Patch Update is consistent with previous Java security releases, in that most of the vulnerabilities addressed in this Critical Patch Update only affect Java and Java FX client deployments," Oracle's Eric Maurice explained in a Friday blog post.
The JRE update is available for Macs running Lion and Mountain Lion, Windows, Linux and Solaris, from the general download page. Java 6 is available for Windows, Solaris and Linux.
Windows users are advised to uninstall and reinstall Java rather than just upgrading. Oracle strongly recommended that users apply CPU fixes as soon as possible because the latest Critical Patch Update contains 50 new security fixes across all Java SE products.
A zero-day flaw in the Java Runtime Environment, which was being exploited by nefarious websites, was discovered in early January. The threat was so serious that the U.S. Department of Homeland Security warned users to disable Java on their computers.