Oracle patches Java 7 vulnerability
Breaking its quarterly update schedule, Oracle has released a new Java runtime that addresses recent security flaws.
In response to the findings of a recent vulnerability in Java 7 that was being exploited by malware developers, Oracle has released an official patch that takes care of the problem.
In the past week, a new, which has been used by hackers in targeted attacks on Windows-based systems. Similar to the recent Flashback malware in OS X, this vulnerability allows criminals to create a drive-by hack where the only action needed to compromise a system is to visit a rogue Web page that hosts a malicious Java applet.
Even though the attacks using this vulnerability so far have been Windows-based, the exploit was demonstrated on other platforms supported by Java 7, including OS X systems where the exploit was successfully run in the latest Safari and Firefox browsers in Mountain Lion.
Following the news of this exploit and the potential for it to do harm, concern arose regarding Oracle's release schedule for Java updates which are usually released quarterly and would mean users would have to wait until October to see a patch to this flaw. As a result, some companies issued their own private patches to this vulnerability in the days that followed its initial finding, but Oracle has stepped up and broken its regular release schedule to offer a patched version of the Java 7 runtime.
The Java 7 Update 7 patch can be downloaded from the Java SE Downloads Web page, and Oracle recommends that all users of Java 7 apply the update.
Do keep in mind that this vulnerability is in new features in the Java 7 runtime and will not work in other versions, so if you have older Java runtimes installed on your system then you will not need to patch them to address this specific vulnerability; however, Oracle has also updated Java SE 6 to address other bugs so it is recommended that you also install the latest update for this runtime.