In response to the discovery of a recent vulnerability in Java 7 that was being exploited by malware developers, Oracle has released an official patch that takes care of the problem.
In the past week, a new vulnerability was unveiled in Oracle’s Java 7 runtime, which has been used by hackers in targeted attacks on Windows-based systems. Similar to the recent Flashback malware in OS X, this vulnerability allows criminals to create a drive-by hack where the only action needed to compromise a system is to visit a rogue Web page that hosts a malicious Java applet.
Even though the attacks using this vulnerability so far have been Windows-based, the exploit was demonstrated on other platforms supported by Java 7, including OS X systems where the exploit was successfully run in the latest Safari and browsers in Mountain Lion.
Following the news of this exploit and its potential to do harm, concern arose regarding Oracle’s release schedule for Java updates, which are usually released quarterly; that would have meant users waiting until October to see a patch for this flaw. As a result, some companies issued their own private patches for this vulnerability in the days that followed its initial finding, but Oracle has stepped up and broken its regular release schedule to offer a patched version of the Java 7 runtime.
The Java 7 Update 7 patch can be downloaded from the, and Oracle recommends that all users of Java 7 apply the update.
Do keep in mind that this vulnerability is in new features in the Java 7 runtime and the exploit will not work in other versions, so if you have older Java runtimes installed on your system, you will not need to patch them.
Here’s the kicker, boys and girls: Oracle knew about the problem for months (April, to be exact). Even after numerous security flaws were reported to Oracle, they made the decision to stick to their routine patching schedule.
The official patch can be found here.
Most users will need the Java SE 7u7 JRE version. The JDK is only needed for the development version.
Just remember, you only need to patch if you are using 1.7 (version 7); all the previous versions are still safe.
Soxxie