Oracle Releases Java 7 Update With 50 Fixes To Address Security Flaws

By Binu Paul email: b.paul@mobilenapps.com | Feb 02, 2013 09:39 AM EST

Share This Story

  • Print
  • Email

Oracle has released an updated version of Java 7 to address vulnerabilities seen with the last build, one day after Apple blocked Java 7 web plug-ins on OS X.

The original Critical Patch Update for Java SE was scheduled to be released on February 19th, but the company decided to accelerate the release because of "active exploitation in the wild of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers," Oracle said.

Follow us

The new release brings in a version number of 1.7.0_13-b20 which meets Apple's requirement for a minimum of 1.7.0_11-b22. Update 13 for Java 7 and Update 39 for Java 6 fixes over 50 issues.

"Oracle felt that, releasing this Critical Patch Update two weeks ahead of our intended schedule, instead of releasing a one-off fix through a Security Alert, would be more effective in helping preserve the security posture of Java customers", Oracle said.

Twenty-six of the 50 vulnerabilities are rated at the highest CVSS level (10.0) and two at 9.3. It should be noted that almost all the vulnerabilities are accessible from the network without authentication, besides one that affects the installation process.

"This Critical Patch Update is consistent with previous Java security releases, in that most of the vulnerabilities addressed in this Critical Patch Update only affect Java and Java FX client deployments," Oracle's Eric Maurice explained in a Friday blog post.

The JRE update is available for Macs running Lion and Mountain Lion, Windows, Linux and Solaris, from the general download page. Java 6 is available for Windows, Solaris and Linux.

The Windows users are advised to un-install and re-install Java that just going for an upgrade. Oracle strongly recommended that users apply CPU fixes as soon as possible because the latest Critical Patch Update contains 50 new security fixes across all Jave SE products.

A zero-day flaw in the Java Runtime Environment was discovered in early January which was being exploited by nefarious websites. The threat was so serious that the U.S. Department of Homeland Security warned users to disable Java from their computers.

Get the Most Popular Mobile&Apps Stories in a Weekly Newsletter

© 2014 Mobile & Apps All rights reserved. Do not reproduce without permission.

Featured Video : Intel Pocket Avatars

Join Our Conversation

Smartphones
Sony Xperia Z3 leaks with specs sheet taped on its backSony Xperia Z3 full spec sheet leaked – Here’s what to expect
Apple’s iWatch reportedly in ‘engineering verification test’ stage, likely launching in 2015
Sony Xperia Z3 Compact leaks in press shots ahead of IFA 2014 debut
Sony to unveil Android Wear-powered SmartWatch 3, SmartBand Talk wearables at IFA 2014
Tablet / Laptop / PC
Dell Venue 7 and Venue 8Dell unveils Venue 7 and Venue 8 Android 4.3 Jelly Bean tablets
Retina iPad Mini facing delays, may not launch until early next year
Refurbished 128GB iPad with Retina Display now available on the Apple Online Store
Samsung Galaxy Note 10.1 – 2014 Edition: Pricing and availability now official
Gadgets
Amazon LogoAmazon reportedly to launch ‘Firetube’ set-top box before 2013 holidays
Samsung Galaxy Note 3 and Galaxy Gear India launch: Pricing and availability
Samsung Galaxy Gear Android smartwatch now up for pre-order in Canada
Samsung Galaxy Gear 2 reportedly in the works already, may debut at CES or MWC 2014
OS / Software
HTC LogoHTC reportedly considering Android/Windows Phone dual-booting smartphone as Microsoft pushes for deeper Windows mobile integration
iOS 7 Chrome Incognito mode leaks private searches due to bug
Sprint HTC One Android 4.3 Jelly Bean already rolling out, AT&T, T-Mobile & Verizon to follow
Microsoft Windows 8.1 now available for pre-order
Internet / Social Media
Google DowntimeGoogle blacks out for two minutes, causes 40 percent drop in world’s Internet traffic
Xbox Music web player is live and ready for Xbox Music Pass subscribers
Facebook Android app collected phone numbers even if users never logged in
Firefox 22 brings support for web video calls, 3D gaming, and Unreal Engine 3
What's App
Vine update brings new camera experienceVine gets major update, lets you upload previously-shot videos & more (VIDEO)
BlackBerry Messenger (BBM) finally hits Windows Phone – Available as a free download now
Instagram releases Bolt ephemeral messaging app in select markets to challenge Snapchat
PayPal for iOS update brings loyalty card support, other features and enhancements
Copyright © 2014 Mobile & Apps All rights reserved. mobilenapps
Real Time Analytics