Java 6 and 7 Security Updates Released - gHacks Tech News

Java 6 and 7 Security Updates Released

Oracle today has released a critical patch update for JAVA SE that includes both patches for security vulnerabilities and non-security fixes. The company asks all Java users to update their versions of Java SE as soon as possible to protect the underlying systems from attacks exploiting those vulnerabilities.

The patch advisory for February 2012 lists the following Java SE products and versions as vulnerable to the security vulnerabilities addresses by the critical patch update:

  • JDK and JRE 7 Update 2 and earlier
  • JDK and JRE 6 Update 30 and earlier
  • JDK and JRE 5.0 Update 33 and earlier
  • SDK and JRE 1.4.2_35 and earlier
  • JavaFX 2.0.2 and earlier

The Oracle Java SE Risk Matrix lists 14 unique vulnerabilities of which five have received the highest possible base score of 10. This score assumes that users running Java on the system have administrative privileges. If that is not the case, the base score would lower the base score considerably.

All 14 vulnerabilities can be remotely exploited without authentication, for instance over a network with the need for a username or password.

Users who are not sure which Java version - if any - they are running on their system should open the Java test page that checks the version for them.

java test

The latest Java SE versions can be downloaded from this page over at the Java website. If you have Java 7 installed, you need to click on the JRE download link next to Java SE 7u3, and if you have Java SE 6 installed, you need to click on the JRE download link there to download the update to your computer.

Updates are provided for all supported operating systems, including Windows 32-bit and 64-bit versions, Macintosh and Linux.

You can furthermore access the Java SE 7 Update 3 release notes on this page, and the release notes for the Java SE 6 Update 31 on this.

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Paul(us) said on February 16, 2012 at 2:22 am
    Reply

    Also today the Adobe Flash Player 11.1.102.62 Final (32&64 bit) was released

    1. Martin Brinkmann said on February 16, 2012 at 9:26 am
      Reply

      Good to know, thanks Paulus.

  2. ilev said on February 17, 2012 at 9:17 pm
    Reply

    Why Oracle isn’t updating Java 6 users to Java 7 ?

    1. Martin Brinkmann said on February 17, 2012 at 9:33 pm
      Reply

      Java 7 is still aimed at developers I think.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.