Oracle has released a critical patch update for its Java products including the Java Development Kit and the Java Runtime Environment. According to the security advisory the cumulative update fixes a total of 20 security related issues across all Java based products.
Java users can verify their computer system's Java version on this page. Affected by the security vulnerabilities are all JDK and JRE 7, and JDK and JRE Update 27 and earlier versions.
The risk matrix highlights each individual patch, the affected components, attack vectors and scores.
End users can make use of the automatic updating routine or download the new Java versions directly from the Oracle website. Windows users can check manually for updates from the Java Control Panel applet. They need to switch to the Update tab of the applet and click on the Update Now button there to run an update check and install the update on the system.
Users running the Java Runtime Environment 6 (who want to stay on 6 and not switch to 7) can download the JRE 6 Update 29 from this page. The new version is available for all supported operating systems. Windows users can download online or offline installers of the JRE.
Users who are already running the Java Runtime Environment 7 can download the new version that brings their version to JRE 7 Update 1 here.
Developers can download the Java Development Kit 7 Update 1 from the Java SE Downloads page. Additional developer related downloads are provided on that page as well.
Oracle classifies the patch update as critical. Users running either the JDK or JRE on their computer system should update the systems as quickly as possible to protect their operating systems from potential attacks and exploits.
Oracle notes that 19 of the 20 vulnerabilities can be remotely exploited without the need for authentication. System administrators who need more information should start with the official patch update advisory linked above. It includes temporary workaround suggestions that may mitigate potential attacks on computer systems.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.