Printed from http://www.electronista.com

Oracle updates Java again to close serious security flaws

updated 01:26 pm EST, Wed February 20, 2013

Third emergency update may be the charm for recent malware issues

Oracle has once again released an updated version of Java SE 7 in order to combat serious vulnerabilities that have resulted in malware attacks on both Macs and Windows PCs. The new version, Update 15, comes less than three weeks after the previous patch, and follows an Apple-issued update to Java SE 6 in the wake of hacker attacks against Apple's own employees' work Macs. The new update is said by Oracle to "enhance security" as well as improve performance and stability.

According to company release notes, v7 Update 15 serves as a new security baseline, and will replace Java SE 6 outright on machines that can support using Java SE 7 instead. It also deprecates all use of the original "classic" web plug-in. SE 6 is referred to as being "retired" by the company.

Oracle's release notes for Update 15 do not specify how many fixes are included in the update or their exact nature, though it can be presumed to incorporate the same bug fixes as Apple's patch. The previous Oracle update, which was rush-released due to active malware taking advantage of the vulnerabilities, contained fixes to some 50 security holes, almost all of which were browser-based.

Apple recently blocked Java in OS X for a second time following concerns that Update 11 still had serious gaps (that were mostly addressed in the later Update 13). The move prevented malware attacks from reaching Macs "in the wild," but may have caused problems for some Mac users, since it broke any websites or apps based on the software.

Many Mac users will be completely unaware of the security merry-go-round of recent Java issues, as the Java plug-in likely remains disabled (or even completely absent) from machines running OS X Lion or Mountain Lion. OS X automatically disables the Java web plug-in if it is not used for 31 days, and prompts the user to install an updated copy of Java with an automatic link to the latest version when a user runs across a site that requires Java.

JavaScript, a similarly-named technology widely used on the web, is not and has never been affected by the security problems seen recently in Java. Despite the similar name, the language has nothing to do with Java, which is a cross-platform "just in time" compiler for applets that run on common code.




By Electronista Staff
toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Life n Soul BM211 Bluetooth speaker

Bluetooth speakers aren't only for listening to some music at the park or on a long bus ride, but can also be built with tablets in mi ...

Epson PowerLite Home Cinema 2030 projector

With high-definition televisions now the standard, 4K televisions becoming the next big thing, and plasma TVs going the way of the din ...

Life n Soul 8 Driver Bluetooth headphones

When it comes to music on the go, consumers generally have some options to consider when looking for the best experience. While Blueto ...

Sponsor

toggle

Most Commented

 
toggle

Popular News