Oracle releases v11 fix for zero-day Java security flaw
Oracle has released an official fix for the Java security flaw that was reported by CERT (the Computer Emergency Readiness Team) on January 11. Shortly after the flagging by CERT, Apple took steps to disable the Java plug-in on all Macs running OS X 10.6 or later by amending the XProtect malware/minimum versions file.
Users who want to re-enable a secure, working version of Java can download the update here. The update is recommended for users on all operating systems including Windows and Linux. Of course, if you don't need to be running a Java VM for a specific reason, your most secure path is to not have it installed.
At a minimum, you might consider TJ's reasonable advice and reserve your browser-centric Java activities to a single-site browser like Fluid.app, or simply leave Java disabled for browser access most of the time and only turn it on when specifically required.
From the release notes, Oracle states: "Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2013-0422 'in the wild,' Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible."
Apple no longer distributes its own version of Java for Macs running OS X 10.7 or higher. Oracle is now directly responsible for producing and updating the Mac JRE package, as it does for other mainstream operating systems.
Subscribe to Newsletter
Software Updatesmore updates
- IFTTT adds a location channel to its iOS App
- Plants vs. Zombies 2 gets upgraded map, more 'cool' stuff
- Remote Desktop update brings OS X Mavericks support and improved multi-display support
- Valve revamps Steam Mobile for iOS
- Google Drive iOS app finally lets you sort items and find and replace in documents
- Viber announces Viber Out calls for iOS, goes head to head with Skype