Oracle Releases Update to Patch Zero-Day Java Flaw

[Akshay Masand]

Oracle has released an official fix for the Java security flaw that was recently reported by the Computer Emergency Readiness Team late last week. Shortly after it was flagged by CERT, Apple disabled the Java plug-in on all Macs running OS X 10.6 or later by amending the XProtect malware/minimum versions file. Users who are interested in re-enabling a secure, working version of Java can download the update from Java’s website.

Java Update (Official Site Link)

The update is of course recommended for users on all operating systems including Windows and Linux. Of course, if you don’t need to be running a Java VM for a specific, your best is to not have it installed in the first place. Many people have suggested to simply leave Java disabled for browser access most of the time and only turn it on when specifically required to do so, which makes sense.

From its update release notes, Oracle states the following:

Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2013-0422 'in the wild,' Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.

It was a bit surprising but good to see Oracle step up to fix the issue as fast as they did despite having issued a statement with no time frame. It provides a sense of relief, especially considering that Oracle is now directly responsible for producing and updating the Mac JRE package, much like it does for other operating systems.

Source: Oracle (A special Thank You to Nicholas Lester for sending this in)

[SoldierRican]

(A special Thank You to Nicholas Lester for sending this in)

lol Thanks I love it and you even used my screenshot

[ohthatguyagain]

Disable java? What a joke!!