Oracle patches Java 7 vulnerability

Breaking its quarterly update schedule, Oracle has released a new Java runtime that addresses recent security flaws.

In response to the findings of a recent vulnerability in Java 7 that was being exploited by malware developers, Oracle has released an official patch that takes care of the problem.

In the past week, a new vulnerability was unveiled in Oracle's Java 7 runtime , which has been used by hackers in targeted attacks on Windows-based systems. Similar to the recent Flashback malware in OS X, this vulnerability allows criminals to create a drive-by hack where the only action needed to compromise a system is to visit a rogue Web page that hosts a malicious Java applet.

Even though the attacks using this vulnerability so far have been Windows-based, the exploit was demonstrated on other platforms supported by Java 7, including OS X systems where the exploit was successfully run in the latest Safari and Firefox browsers in Mountain Lion.

Following the news of this exploit and the potential for it to do harm, concern arose regarding Oracle's release schedule for Java updates which are usually released quarterly and would mean users would have to wait until October to see a patch to this flaw. As a result, some companies issued their own private patches to this vulnerability in the days that followed its initial finding, but Oracle has stepped up and broken its regular release schedule to offer a patched version of the Java 7 runtime.

The Java 7 Update 7 patch can be downloaded from the Java SE Downloads Web page, and Oracle recommends that all users of Java 7 apply the update.

Do keep in mind that this vulnerability is in new features in the Java 7 runtime and will not work in other versions, so if you have older Java runtimes installed on your system then you will not need to patch them to address this specific vulnerability; however, Oracle has also updated Java SE 6 to address other bugs so it is recommended that you also install the latest update for this runtime.



Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.

About the author

    Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Galleries from CNET
    Best mobile games of 2014
    Nissan gives new Murano bold style (pictures)
    Top great space moments in 2014 (pictures)
    This is it: The Audiophiliac's top in-ear headphones of 2014 (pictures)
    ZTE's wallet-friendly Grand X (pictures)
    Lenovo reprises clever design for the Yoga Tablet 2 (Pictures)