Oracle patches Java bug, experts say it’s still not safe

As we reported a few days ago, an extremely critical Java exploit forced the American government to issue an advisory asking users to disable Java in their browsers completely until a security patch was released. Realising the gravity of the situation, Oracle acted quickly and released a security update, Java 7 Update 11, which fixes the problem that had caused quite a stir among security researchers. Though the immediate problem has now subsided, experts are still urging users to stop using Java because of the increasing number of exploits being discovered in the technology.

Explaining further changes that are part of the update, the Oracle Security Blog said, “Oracle is switching Java security settings to “high” by default.  The high security setting requires users to expressly authorize the execution of applets which are either unsigned or are self-signed.  As a result, unsuspecting users visiting malicious web sites will be notified before an applet is run and will gain the ability to deny the execution of the potentially malicious applet.”

The blog states that this update should be applied as soon as possible and also reminds users that they can disable the Java plugin from its control panel, a feature that has been available since update 10. The latest update for Java can be downloaded from here.

The recent events concerning Java show how weak Oracle's efforts to make Java more secure on the desktop have been. While the programming language has been going quite strong on the server side, desktop technologies like applets have been getting less and less secure by the day. Even developers have been avoiding the Java applet stack for the past couple of years. Apple and Microsoft have also reacted in their own ways to the concerns about Java that have been cropping up lately. While Apple uninstalled Java completely by default from its Mac OS X systems a few months back, Microsoft has announced that it will release an out-of-band security update that fixes a bug allowing remote code execution in the Internet Explorer browser.
