Java 6 and 7 Security Updates Released

Martin Brinkmann
Feb 15, 2012
Updated • Feb 16, 2012

Oracle today has released a critical patch update for JAVA SE that includes both patches for security vulnerabilities and non-security fixes. The company asks all Java users to update their versions of Java SE as soon as possible to protect the underlying systems from attacks exploiting those vulnerabilities.

The patch advisory for February 2012 lists the following Java SE products and versions as vulnerable to the security vulnerabilities addresses by the critical patch update:

  • JDK and JRE 7 Update 2 and earlier
  • JDK and JRE 6 Update 30 and earlier
  • JDK and JRE 5.0 Update 33 and earlier
  • SDK and JRE 1.4.2_35 and earlier
  • JavaFX 2.0.2 and earlier

The Oracle Java SE Risk Matrix lists 14 unique vulnerabilities of which five have received the highest possible base score of 10. This score assumes that users running Java on the system have administrative privileges. If that is not the case, the base score would lower the base score considerably.

All 14 vulnerabilities can be remotely exploited without authentication, for instance over a network with the need for a username or password.

Users who are not sure which Java version - if any - they are running on their system should open the Java test page that checks the version for them.

The latest Java SE versions can be downloaded from this page over at the Java website. If you have Java 7 installed, you need to click on the JRE download link next to Java SE 7u3, and if you have Java SE 6 installed, you need to click on the JRE download link there to download the update to your computer.

Updates are provided for all supported operating systems, including Windows 32-bit and 64-bit versions, Macintosh and Linux.

You can furthermore access the Java SE 7 Update 3 release notes on this page, and the release notes for the Java SE 6 Update 31 on this.


Previous Post: «
Next Post: «


  1. ilev said on February 17, 2012 at 9:17 pm

    Why Oracle isn’t updating Java 6 users to Java 7 ?

    1. Martin Brinkmann said on February 17, 2012 at 9:33 pm

      Java 7 is still aimed at developers I think.

  2. Paul(us) said on February 16, 2012 at 2:22 am

    Also today the Adobe Flash Player Final (32&64 bit) was released

    1. Martin Brinkmann said on February 16, 2012 at 9:26 am

      Good to know, thanks Paulus.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.