Oracle Releases Critical Java Update
Oracle has released a critical patch update for its Java products, including the Java Development Kit and the Java Runtime Environment. According to the security advisory, the cumulative update fixes a total of 20 security-related issues across all Java-based products.
Java users can verify their computer system's Java version on this page. The vulnerabilities affect JDK and JRE 7, and JDK and JRE 6 Update 27 and earlier versions.
The risk matrix highlights each individual patch, the affected components, attack vectors and scores.
End users can make use of the automatic updating routine or download the new Java versions directly from the Oracle website. Windows users can check manually for updates from the Java Control Panel applet. They need to switch to the Update tab of the applet and click on the Update Now button there to run an update check and install the update on the system.
Users running the Java Runtime Environment 6 (who want to stay on 6 and not switch to 7) can download the JRE 6 Update 29 from this page. The new version is available for all supported operating systems. Windows users can download online or offline installers of the JRE.
Users who are already running the Java Runtime Environment 7 can download the new version that brings their version to JRE 7 Update 1 here.
Developers can download the Java Development Kit 7 Update 1 from the Java SE Downloads page. Additional developer related downloads are provided on that page as well.
Oracle classifies the patch update as critical. Users running either the JDK or JRE on their computer system should update the systems as quickly as possible to protect their operating systems from potential attacks and exploits.
Oracle notes that 19 of the 20 vulnerabilities can be remotely exploited without the need for authentication. System administrators who need more information should start with the official patch update advisory linked above. It includes temporary workaround suggestions that may mitigate potential attacks on computer systems.
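Administrators who collect `java -version` output from many machines can check it against the fixed releases named above (6 Update 29 and 7 Update 1). The following is an added example, not part of the original article or of Oracle's advisory; the host names and sample strings are constructed, and only the Java 6 and 7 families discussed here are evaluated.

```python
import re

# Fixed releases named in the article: JRE/JDK 6 Update 29 and 7 Update 1.
FIXED_UPDATE = {6: 29, 7: 1}

# Legacy version string as printed by `java -version`,
# e.g. 'java version "1.6.0_27"' or '1.7.0_01-b08'.
_VERSION_RE = re.compile(r'\b1\.(\d+)\.\d+(?:_(\d+))?')


def parse_java_version(text):
    """Return (family, update) from `java -version` output, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    # A missing "_NN" suffix means the initial release (update 0).
    return int(m.group(1)), int(m.group(2) or 0)


def assess(text):
    """Classify one version string against the article's fixed releases."""
    parsed = parse_java_version(text)
    if parsed is None:
        return "unparsed"
    family, update = parsed
    fixed = FIXED_UPDATE.get(family)
    if fixed is None:
        return "not-covered"  # family not discussed in the article
    return "patched" if update >= fixed else "needs-update"


# Constructed inventory: host name -> captured `java -version` output.
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.6.0_27"',
    "ws-02": 'java version "1.6.0_29"',
    "ws-03": 'java version "1.7.0"',
    "ws-04": 'java version "1.7.0_01"',
    "ws-05": 'java version "1.5.0_22"',
    "ws-06": "java: command not found",
}


def triage(inventory):
    """Map each host to its patch status."""
    return {host: assess(out) for host, out in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```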
How can one tell for sure if a website requires Java? I regularly use Secunia’s Online Software Inspector (OSI), and that seems to require Java.
http://secunia.com/vulnerability_scanning/online/
I didn’t like that right after I installed the Java update and opened Firefox it told me that two new extensions were installed in my FF addons: Java Console and Java Quick Starter. I can’t remember if they were there a long time ago and I took them out, but they certainly were not there before I updated Java today. I don’t like software installing add-ons to my browser without first asking my permission.
Thanks for the consistently great, useful information on Ghacks!
Want to clean up previous versions of Java including registry entries (only versions 6.x.x.x)?
Run the portable app JavaRa.
Good point, JavaRa is an excellent utility for that purpose.
I experienced similar trouble with Java some years ago when I had an application (a SIP server) that ran with a particular version of Java.
Wanting to clean up my system a bit, I went along uninstalling 2 different versions of Java (that I thought were sitting and eating up resources for nothing), then upgraded to the latest version back then.
Next thing I realized was that my clients'/agents' devices could no longer contact the server… too late, could not reverse the process (no OS backup) and lost the ability to keep on using the SIP server as the newer version required a license fee !!
From that day on, I curse Java for their lousy piled-up software installation, not to mention the maze one has to go through to find the right version…JDK, KDJ, LKJ…Bloody J.
What is the difference between Java 6 and 7?
Java version checker site (http://java.com/en/download/installed.jsp) advised me to update to 6u29, why not to 7u1?
I remember when Java 7 came out a few months ago, users complaining that some applications requiring Java would not recognize Java 7 as installed Java (even when setting its new path to …java\jre7\bin), and in particular OpenOffice as well as LibreOffice, and I was of the lot.
I don’t understand why Oracle delivers no information on this confusing matter (at least for non-techies).
Good question. I really do not know. My guess would be that it is an Enterprise thingy.
Here is the answer…
– Why is Java SE 7 not yet available on java.com?
http://java.com/en/download/faq/java7.xml
Regards!
Thanks Diego for doing the research for us.
Hoi Martin, I am running Sun Java Runtime Environment 7.0.0.147 (I am running this from 2011-07-09) and I checked with your supplied link whether there may be a newer version. But Java said no, that I am up to date. So to be totally sure I downloaded the jre-7u1-windows-x64.exe file, but the file size was as big as the one I loaded a few months ago? Maybe the Sun update website is not up to date? Maybe later on? Can you help me out here?
Paulus, 7u1 is the latest update. Patches do not necessarily increase the file size of a product, especially if it is compressed. You need to compare hash values to see if both are identical. The links that I put up link to the latest versions of Java.
I stopped installing Java a long time ago and I do not miss it. It is a rare website that requires it these days and unless one has a specific indispensable program that requires this run-time I see no point in it. From a security standpoint Java does not have a stellar record to say the least.
Martin, I recall you like RSSOwl which requires Java. Do you feel Java is critical for anything else? Maybe as a webmaster you need it for various testing purposes.
I would not have Java installed if I did not use RSS Owl. Well, I sometimes need it for testing apps that I may review. As a webmaster, I do not need it at all.
I see. I thought that might be the case. We agree then.
If RSS Owl did not require Java I would definitely try it.