Oracle updates Java 7 to fix dangerous security exploits
TL;DR version: if you have Java 7 on your computer, update it. Now.
The Java programming language helped to make the Web popular in the mid-1990s by introducing the Web applet. The idea was powerful: complex programs could be downloaded automatically when you visited a Web page and run securely on your personal computer in a sandbox. The sandbox prevented any applet running in it from doing the things on your computer you would not want it to do — like accessing your files, sending email, accessing other computers on the Internet, or installing new programs.
If you've read any technology news in the past week, you know that several very nasty security vulnerabilities were discovered in Java version 7. Attackers can exploit them to create applets that execute arbitrary code on your computer.
The exploit applies to Java 7, not to earlier versions of Java, and only when Java 7 is used to run a Java applet in your browser. The problem does not affect the use of Java 7 on servers, in Java desktop applications, or embedded Java.
Today Oracle released a security alert to address the vulnerabilities. The vulnerabilities are remotely exploitable without authentication and have the highest CVSS severity score of 10. Oracle recommends that their fix be applied as soon as possible — some exploits are already available in hacking tools like Metasploit, which means that relatively unsophisticated people can use them.
Java developers and programmers should download the latest Java SE JDK and JRE 7 releases from Oracle, and users running Java SE with a browser should download the latest JRE 7 from java.com. Windows users can also use automatic updates to get the latest JRE 7 release.
You can test the version of Java available to your browser <a href="http://www.java.com/en/download/installed.jsp">here</a>. Note that Google's popular Chrome browser does not support Java 7, so Chrome users need not update Java unless they also use another browser, such as Firefox or Safari.
Oracle also changed the default security setting for Java to "High," which means that most users will need to approve Java applets before they run.
Posted: January 13, 2013, 8:14 PM