Oracle releases Java 7 update 11 for zero-day flaw but concerns linger

Summary: Oracle has released a security update to Java on OS X that's recommended for all users, but that doesn't mean Java is totally secure.

Apple releases Java 7 update 11 patch for zero-day flaw - Jason O'Grady

A zero-day vulnerability discovered in Java last week prompted separate warnings from the US government, Apple, and Mozilla advising users not to use the software. Apple took the rare step of disabling the Java 7 plug-in on Macs where it is installed by updating its "Xprotect.plist" blacklist, part of the anti-malware built into OS X.

Oracle released a patch for the vulnerability on Sunday, and today Apple released Java 7 Update 11, which addresses the vulnerability. But we may not be out of the woods just yet.

Although Java 7 update 11 satisfies OS X anti-malware's requirement for a minimum Java version number of 1.7.0_10-b19, the U.S. Department of Homeland Security has reiterated its warning that the Java web browser plug-in still poses risks, even after Oracle's update 11 patch is installed.

"Unless it is absolutely necessary to run Java in Web browsers, disable it [...] even after updating to [Update 11]."

ZDNet's Zack Whittaker reports that fixing the zero-day exploit "could take two years," quoting Rapid7 chief security officer HD Moore (via Reuters) as saying "The safest thing to do at this point is just assume that Java is always going to be vulnerable. Folks don't really need Java on their desktop."

Topics: Apple, Software

About

Jason D. O'Grady developed an affinity for Apple computers after using the original Lisa, and this affinity turned into a bona-fide obsession when he got the original 128 KB Macintosh in 1984. He started writing one of the first Web sites about Apple (O'Grady's PowerPage) in 1995 and is considered to be one of the fathers of blogging....
