Slashdot Mirror

← Back to Stories (view on slashdot.org)

Oracle Ships Java 7 Update 11 With Vulnerability Fixes

Posted by samzenpus on from the try-it-now dept.

An anonymous reader writes "After announcing a fix was coming just yesterday, Oracle on Sunday released Java 7 Update 11 to address the recently disclosed security vulnerability. If you use Java, you can download the latest update now from the Java Control Panel or directly from Oracle's website here: Java SE 7u11. In the release notes for this update, Oracle notes this version "contains fixes for security vulnerabilities." A closer look at Oracle Security Alert for CVE-2013-0422 details that Update 11 fixes two vulnerabilities."

2 of 243 comments (clear)

  1. Is this really a fix? by DavidClarkeHR · · Score: 5, Interesting

    It's great that the default security settings have been increased - and the zero-day flaws needed fixing (as always).

    Proper web browsing hygiene protected users from this zero-day vulnerability - but my mom needed this update.

    --
    - Nec Impar Pluribus, or so I'm told.
  2. Re:Java and Flash by oatworm · · Score: 5, Interesting

    Tell that to lawyers that need it to access PACER or their local court filing repository. Or tell that to various medical professionals that have line-of-business apps written in Java (recently stumbled across an pano controller package written entirely in Java - that was cute). Or tell that to certain financial industries that use Java to submit various bits of paperwork (if you're a merchant filing for credit card processing, there's a decent chance your application was scanned and uploaded using a Java app called "AMA", depending on which platform your processor is underwriting with). Or tell that to businesses that electronically deposit checks - quite a few banks out there use scanners with Java software to get the checks from the business' PC into the banking system.

    Java's actually fairly commonly used for line-of-business applications because it's fairly easy to find Java developers ("easy" being synonymous with "cheap"), the tools start at "free", it's sort of platform neutral, and it's been around for a while. Plus, a lot of those Java line-of-business apps were first written 5-10 years ago and, well, they still basically work - given a choice between paying for a total re-implementation of some tool that works "reliably", doing the necessary field testing to prove it's at least as secure, functional, and stable as the current implementation, or just periodically testing it against the latest version of Java, guess what most businesses do?

    Now you know why Java exploits are a big deal.