Thursday, August 30, 2012

Critical Java Security Update


Oracle released an out-of-band security update for Java SE.  Security Alert CVE-2012-4681 addresses three distinct but related critical vulnerabilities and one security-in-depth issue affecting Java running in desktop browsers. 

These vulnerabilities may be remotely exploitable without authentication.  In other words, they may be exploited over a network without the need for a username and password, merely by visiting a malicious web page in a browser running an unpatched version of Java.

Affected versions:
  • JDK and JRE 7 Update 7 and earlier
  • JDK and JRE 6 Update 34 and earlier

It is strongly recommended that the update be applied as soon as possible due to the threat posed by a successful attack.

Although Java is not required (see Do You Need Java?), if you do have Java installed on your computer, it is advisable to install the latest update.  It is also advised that all prior (and vulnerable) versions of Java SE be uninstalled from your computer.

Instructions on removing older (and less secure) versions of Java can be found at

Download Information

Now that Java SE 7 has been officially released, it is recommended that users of Java SE 6 upgrade to the latest version.  When you upgrade from Java SE 6 to Java SE 7, please check the installed program files and remove all versions of Java SE 6.

As of this posting, Java SE 7u7 is only available from this link:

Verify your version:

Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the security update and are completely optional.

Critical Patch Updates

For Oracle Java SE Critical Patch Updates, the next scheduled dates are:
  • 16 October 2012
  • 19 February 2013
