You have probably heard about the latest Java vulnerability that is being exploited in the wild right now. The vulnerability, made public a few days ago, is affecting Java 7.06 and earlier. One of the best suggestions so far was to disable Java in the Internet browser to protect the system from exploits, a more radical approach to uninstall Java on the system.
Oracle a few minutes ago has released an update for Java that brings the version of the Java Runtime Environment to 7 Update 7. This update fixes the vulnerability and it is therefor recommended for all Java 7.06 and earlier users. You can visit the following web page to test the version of Java installed on your computer. Please note that you only get a result if Java is installed and enabled in the web browser.
You can download the Java update from the official website where it is available for all supported operating systems. You can alternatively visit the manual download page to download Java offline installers. To update, simply download Java 7 Update 7 from the Java.com website and run the installer afterwards. This will update all existing versions of Java on the system to the latest version. Keep in mind that it may activate Java in the browser after doing so.
Java 6 users do not need to download and install the Java 7 update. They can instead download Java 6 Update 35 which has also been released today by Oracle. It is available on the old Java 6 download page.
The updates fix the security issues on systems with Java 7 Update 6 or earlier:
This Security Alert addresses security issues CVE-2012-4681 (US-CERT Alert TA12-240A) and two other vulnerabilities affecting Java running in web browsers on desktops. These vulnerabilities are not applicable to Java running on servers or standalone Java desktop applications. They also do not affect Oracle server-based software.
These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user's system.
In addition, this Security Alert includes a security-in-depth fix in the AWT subcomponent of the Java Runtime Environment.
You can access the security alert here for additional information on the issue.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.