Oracle Releases Critical Java Update

Martin Brinkmann
Oct 19, 2011
Updated • Jan 16, 2013
Security

Oracle has released a critical patch update for its Java products, including the Java Development Kit and the Java Runtime Environment. According to the security advisory, the cumulative update fixes a total of 20 security-related issues across all Java-based products.

Java users can verify their computer system's Java version on this page. The vulnerabilities affect all JDK and JRE 7 installations, and JDK and JRE Update 27 and earlier versions.

The risk matrix highlights each individual patch, the affected components, attack vectors and scores.

End users can make use of the automatic updating routine or download the new Java versions directly from the Oracle website. Windows users can check manually for updates from the Java Control Panel applet. They need to switch to the Update tab of the applet and click on the Update Now button there to run an update check and install the update on the system.

Users running the Java Runtime Environment 6 (who want to stay on 6 and not switch to 7) can download the JRE 6 Update 29 from this page. The new version is available for all supported operating systems. Windows users can download online or offline installers of the JRE.

Users who are already running the Java Runtime Environment 7 can download the new version that brings their version to JRE 7 Update 1 here.

Developers can download the Java Development Kit 7 Update 1 from the Java SE Downloads page. Additional developer-related downloads are provided on that page as well.

Oracle classifies the patch update as critical. Users running either the JDK or JRE on their computer system should update the systems as quickly as possible to protect their operating systems from potential attacks and exploits.

Oracle notes that 19 of the 20 vulnerabilities can be remotely exploited without the need for authentication. System administrators who need more information should start with the official patch update advisory linked above. It includes temporary workaround suggestions that may mitigate potential attacks on computer systems.
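
An added example, not part of the original article: a small Python check that parses the banner printed by `java -version` and flags installs older than the fixed releases the article names (6 Update 29 and 7 Update 1). The function names and sample banners are constructed for illustration; Java families the article does not name a fixed release for return `None`.

```python
import re
import subprocess

# First fixed update per Java family, as named in the article:
# JRE/JDK 6 Update 29 and JRE/JDK 7 Update 1.
FIXED_UPDATE = {6: 29, 7: 1}

# Matches banners such as: java version "1.6.0_27" or java version "1.7.0"
_BANNER_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?')


def parse_java_version(banner):
    """Return (family, update) from `java -version` output, or None."""
    match = _BANNER_RE.search(banner)
    if match is None:
        return None
    # A banner without an _NN suffix is the initial release (update 0).
    return int(match.group(1)), int(match.group(2) or 0)


def needs_update(banner):
    """True/False for Java 6 and 7; None when the banner is unparseable
    or the family is not one the article names a fixed release for."""
    parsed = parse_java_version(banner)
    if parsed is None or parsed[0] not in FIXED_UPDATE:
        return None
    family, update = parsed
    return update < FIXED_UPDATE[family]


def local_banner():
    """Banner of the `java` on PATH (printed to stderr), or None."""
    try:
        result = subprocess.run(["java", "-version"], capture_output=True,
                                text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return result.stderr or result.stdout


if __name__ == "__main__":
    # Constructed sample banners, followed by the local install if present.
    samples = ['java version "1.6.0_27"', 'java version "1.6.0_29"',
               'java version "1.7.0"', 'java version "1.7.0_01"']
    for banner in samples + [local_banner() or "no java on PATH"]:
        print(banner.splitlines()[0], "->", needs_update(banner))
```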

Comments

  1. Hy said on October 20, 2011 at 5:53 pm

    How can one tell for sure if a website requires Java? I regularly use Secunia’s Online Software Inspector (OSI), and that seems to require Java.
    http://secunia.com/vulnerability_scanning/online/

    I didn’t like that right after I installed the Java update and opened Firefox it told me that two new extensions were installed in my FF addons: Java Console and Java Quick Starter. I can’t remember if they were there a long time ago and I took them out, but they certainly were not there before I updated Java today. I don’t like software installing add-ons to my browser without first asking my permission.

    Thanks for the consistently great, useful information on Ghacks!

  2. ilev said on October 20, 2011 at 11:40 am

    Want to clean up previous versions of Java including registry entries (only versions 6.x.x.x)?
    Run the portable app JavaRa.

    1. Martin Brinkmann said on October 20, 2011 at 3:26 pm

      Good point, JavaRa is an excellent utility for that purpose.

  3. ParisMan said on October 20, 2011 at 12:34 am

    I experienced similar trouble with Java some years ago when I had an application (a SIP server) that ran with a particular version of Java.

    Wanting to clean up my system a bit, I went along uninstalling 2 different versions of Java (that I thought were sitting and eating up resources for nothing), then upgraded to the latest version back then.

    Next thing I realized was that my clients'/agents' devices could no longer contact the server… too late, could not reverse the process (no OS backup) and lost the ability to keep on using the SIP server as the newer version required a license fee!!

    From that day on, I curse Java for their lousy piled-up software installation, not to mention the maze one has to go through to find the right version…JDK, KDJ, LKJ…Bloody J.

  4. Transcontinental said on October 19, 2011 at 7:05 pm

    What is the difference between Java 6 and 7?
    Java version checker site ( http://java.com/en/download/installed.jsp ) advised me to update to 6u29, why not to 7u1?

    I remember when Java 7 came out a few months ago, users complaining that some applications requiring Java would not recognize Java 7 as installed Java (even when setting its new path to …java\jre7\bin), and in particular OpenOffice as well as LibreOffice, and I was of the lot.

    I don’t understand why Oracle delivers no information on this confusing matter (at least for non-techies).

    1. Martin Brinkmann said on October 19, 2011 at 7:22 pm

      Good question. I really do not know. My guess would be that it is an Enterprise thingy.

      1. Diego said on October 20, 2011 at 12:10 am

        Here is the answer…

        – Why is Java SE 7 not yet available on java.com?
        http://java.com/en/download/faq/java7.xml

        Saludos!

      2. Martin Brinkmann said on October 20, 2011 at 6:46 am

        Thanks Diego for doing the research for us.

  5. Paul(us) said on October 19, 2011 at 5:34 pm

    Hoi Martin, I am running Sun Java Runtime Environment 7.0.0.147 (I have been running this since 2011-07-09) and I checked with the link you supplied whether there may be a newer version. But Java said no, that I am up to date. So to be totally sure I downloaded the jre-7u1-windows-x64.exe file, but the file size was as big as the one I loaded a few months ago? Maybe the Sun update website is not up to date? Maybe later on? Can you help me out here?

    1. Martin Brinkmann said on October 19, 2011 at 6:17 pm

      Paulus, 7u1 is the latest update. Patches do not necessarily increase the file size of a product, especially if it is compressed. You need to compare hash values to see if both are identical. The links that I put up link to the latest versions of Java.

  6. Robert Palmar said on October 19, 2011 at 5:27 pm

    I stopped installing Java a long time ago and I do not miss it.
    It is a rare website that requires it these days and unless
    one has a specific indispensable program that
    requires this run-time I see no point in it.

    From a security standpoint Java does not
    have a stellar record to say the least.

    Martin, I recall you like RSSOwl which requires Java.
    Do you feel Java is critical for anything else?
    Maybe as a webmaster you need it
    for various testing purposes.

    1. Martin Brinkmann said on October 19, 2011 at 6:15 pm

      I would not have Java installed if I did not use RSS Owl. Well, I sometimes need it for testing apps that I may review. As a webmaster, I do not need it at all.

      1. Robert Palmar said on October 19, 2011 at 6:52 pm

        I see. I thought that might be the case. We agree then.
        If RSS Owl did not require Java I would definitely try it.
