Printed from

Oracle updates Java again to close serious security flaws

updated 01:26 pm EST, Wed February 20, 2013

Third emergency update may be the charm for recent malware issues

Oracle has once again released an updated version of Java SE 7 in order to combat serious vulnerabilities that have resulted in malware attacks on both Macs and Windows PCs. The new version, Update 15, comes less than three weeks after the previous patch, and follows an Apple-issued update to Java SE 6 in the wake of hacker attacks against Apple's own employees' work Macs. The new update is said by Oracle to "enhance security" as well as improve performance and stability.

According to company release notes, v7 Update 15 serves as a new security baseline, and will replace Java SE 6 outright on machines that can support using Java SE 7 instead. It also deprecates all use of the original "classic" web plug-in. SE 6 is referred to as being "retired" by the company.

Oracle's release notes for Update 15 do not specify how many fixes are included in the update or their exact nature, though it can be presumed to incorporate the same bug fixes as Apple's patch. The previous Oracle update, which was rush-released due to active malware taking advantage of the vulnerabilities, contained fixes to some 50 security holes, almost all of which were browser-based.

Apple recently blocked Java in OS X for a second time following concerns that Update 11 still had serious gaps (that were mostly addressed in the later Update 13). The move prevented malware attacks from reaching Macs "in the wild," but may have caused problems for some Mac users, since it broke any websites or apps based on the software.

Many Mac users will be completely unaware of the security merry-go-round of recent Java issues, as the Java plug-in likely remains disabled (or even completely absent) from machines running OS X Lion or Mountain Lion. OS X automatically disables the Java web plug-in if it is not used for 31 days, and prompts the user to install an updated copy of Java with an automatic link to the latest version when a user runs across a site that requires Java.

JavaScript, a similarly-named technology widely used on the web, is not and has never been affected by the security problems seen recently in Java. Despite the similar name, the language has nothing to do with Java, which is a cross-platform "just in time" compiler for applets that run on common code.

By Electronista Staff


Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines


Most Popular


Recent Reviews

Apple 13-inch MacBook Pro (Early 2015)

Although the new darling of the Apple MacBook line up is the all-new MacBook, Apple has given its popular 13-inch MacBook Pro with Ret ...

Seagate Wireless

It seems like no matter how much internal storage is included today's mobile devices, we, as users, will always find a way to fill the ...

Lenovo Yoga Tablet 2 (Android, 10.1-inch)

Lenovo is building a bigger name for itself year after year, including its devices expanding beyond desktop computers. The company's l ...



Most Commented


Popular News