Java 6 and 7 Security Updates Released
Oracle today has released a critical patch update for JAVA SE that includes both patches for security vulnerabilities and non-security fixes. The company asks all Java users to update their versions of Java SE as soon as possible to protect the underlying systems from attacks exploiting those vulnerabilities.
The patch advisory for February 2012 lists the following Java SE products and versions as vulnerable to the security vulnerabilities addresses by the critical patch update:
- JDK and JRE 7 Update 2 and earlier
- JDK and JRE 6 Update 30 and earlier
- JDK and JRE 5.0 Update 33 and earlier
- SDK and JRE 1.4.2_35 and earlier
- JavaFX 2.0.2 and earlier
The Oracle Java SE Risk Matrix lists 14 unique vulnerabilities of which five have received the highest possible base score of 10. This score assumes that users running Java on the system have administrative privileges. If that is not the case, the base score would lower the base score considerably.
All 14 vulnerabilities can be remotely exploited without authentication, for instance over a network with the need for a username or password.
Users who are not sure which Java version - if any - they are running on their system should open the Java test page that checks the version for them.
The latest Java SE versions can be downloaded from this page over at the Java website. If you have Java 7 installed, you need to click on the JRE download link next to Java SE 7u3, and if you have Java SE 6 installed, you need to click on the JRE download link there to download the update to your computer.
Updates are provided for all supported operating systems, including Windows 32-bit and 64-bit versions, Macintosh and Linux.