
Java 7 update 11 acts as sticking plaster for recent security concerns

14 January 2013, Nick Peers

Oracle has issued an emergency fix for its cross-platform Java software. Java 7 update 11 for Windows, Mac and Linux, and Java 7 Update 11 64-bit for 64-bit versions of Windows and Linux, aims to plug a number of alarming security holes that were being used for phishing attacks and other crimeware.

While update 11 should be considered an essential update for all Java users, researchers have warned that the new build is little more than a sticking plaster for the problem, and recommend users actually disable Java from running inside web browsers.

Update 11 specifically acts on a Java exploit in web browsers that the US Department of Homeland Security warned is being “actively exploited” by malware. This allows code to be executed outside of Java’s sandbox, allowing keyloggers and botnet code to be distributed through the Java exploit.

Check your browser's add-ons or extensions menu should you wish to disable Java.

The update basically sets Java’s default security settings to “High”, which means all code from unknown sources will be flagged and will run only on the user’s say-so.

Researchers warn that despite this new setting, the security can be bypassed by hackers who use “social engineering” to mask their code’s true origins and claim it is from a trusted source, encouraging users to accept the code even though it’s been flagged.

As a result, the Department of Homeland Security’s Computer Emergency Readiness Team has recommended that users actually disable Java from running in web browsers – even after applying the latest update. The warning is echoed by other experts, including Rapid7 and Polish company Security Explorations.

At the present time, Mac OS X disables Java browser plug-ins by default, while Firefox has implemented click-to-play protection on recent updates (but not for this newer build). Users of other web browsers and OSes should check their browser’s add-on settings and – if wishing to follow the recommended advice – disable Java manually.

In the meantime, Java 7 Update 11 32-bit and Java 7 Update 11 64-bit are both available as free downloads for Windows, Mac and Linux.
