Java 7 update 11 released

Java 7 update has been released patching the latest zero day.

Since Friday, its been hard to turn on the news without hearing about this Java vulnerability and Homeland Security’s advice to disable or remove Java.  Now you don’t have to potentially denial of service yourself to be protected from this attack.

Disabling the browser integration, or removing Java is good advice if you don’t use it.

An update was not released of Java 6.  There had been talk about whether or not 6 was vulnerable in spite of not being listed in the vulnerability reports.

 

2 Comments

  1. 3rd party has verified this patch only solves current exploit and not the underlying problem. Expect a new exploit soon.

    • They seem to be taking a bandaide approach rather. I’ve seen a post saying it could take years to truely fix this. 😮

      At least by applying the update the door is closed on the current exploit in common exploit kits.

      It would have been so helpful if Oracle would have learned from Microsoft or learned from Adobe. Instead every company has to learn their own security lesson anew. 1.7 should have been built with security in mind. Instead it seems they’ve added exploitable code not previously in 1.6. I’m left shaking my head.

Comments are closed.