Printed from http://www.electronista.com

Oracle updates Java again to close serious security flaws

updated 01:26 pm EST, Wed February 20, 2013

Third emergency update may be the charm for recent malware issues

Oracle has once again released an updated version of Java SE 7 in order to combat serious vulnerabilities that have resulted in malware attacks on both Macs and Windows PCs. The new version, Update 15, comes less than three weeks after the previous patch, and follows an Apple-issued update to Java SE 6 in the wake of hacker attacks against Apple's own employees' work Macs. The new update is said by Oracle to "enhance security" as well as improve performance and stability.

According to company release notes, v7 Update 15 serves as a new security baseline, and will replace Java SE 6 outright on machines that can support using Java SE 7 instead. It also deprecates all use of the original "classic" web plug-in. SE 6 is referred to as being "retired" by the company.

Oracle's release notes for Update 15 do not specify how many fixes are included in the update or their exact nature, though it can be presumed to incorporate the same bug fixes as Apple's patch. The previous Oracle update, which was rush-released due to active malware taking advantage of the vulnerabilities, contained fixes to some 50 security holes, almost all of which were browser-based.

Apple recently blocked Java in OS X for a second time following concerns that Update 11 still had serious gaps (that were mostly addressed in the later Update 13). The move prevented malware attacks from reaching Macs "in the wild," but may have caused problems for some Mac users, since it broke any websites or apps based on the software.

Many Mac users will be completely unaware of the security merry-go-round of recent Java issues, as the Java plug-in likely remains disabled (or even completely absent) from machines running OS X Lion or Mountain Lion. OS X automatically disables the Java web plug-in if it is not used for 31 days, and prompts the user to install an updated copy of Java with an automatic link to the latest version when a user runs across a site that requires Java.

JavaScript, a similarly-named technology widely used on the web, is not and has never been affected by the security problems seen recently in Java. Despite the similar name, the language has nothing to do with Java, which is a cross-platform "just in time" compiler for applets that run on common code.




By Electronista Staff
toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

SMS Audio Sync Sport on-ear headphones

When hitting the gym or going out for a trail run, headphones can cause a number of problems. From the ear buds getting slimy with swe ...

Adesso Xtream S3B Bluetooth speaker

Finding a speaker purpose-built for a specific need is challenging. Even when a Bluetooth speaker can be paired with a mobile device, ...

JBL Synchros E40BT headphones

For all the different configurations of headphones on the market, it's always a tough choice for buyers to get something that is just ...

Sponsor

toggle

Most Commented

 
toggle

Popular News