Skip to Main Content
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

Another Critical Java Update, You Know What To Do

Just weeks after Oracle pushed out an out-of-band update to patch critical vulnerabilities in Java, the company has again rushed an update to shore up the embattled platform. It's time once again to update (or disable!) Java.

By Max Eddy
February 4, 2013
Java Logo

Java Logo

Just weeks after Oracle pushed out an out-of-band update to patch critical vulnerabilities in Java, the company has again rushed an update to shore up the embattled platform. It's time once again to update (or disable!) Java.

Oracle released the patch this past Friday, though it was originally scheduled for release on February 19. The patch addresses 50 issues, 44 of which are related to the Java Runtime Environment in web browsers.

On the company's blog, Software Security Assurance Director Eric Maurice wrote that the decision to accelerate the release of the patch came after Oracle confirmed that one of the browser vulnerabilities was already being actively used in the wild. "After receiving reports of a vulnerability in the Java Runtime Environment (JRE) in desktop browsers," wrote Maurice, "Oracle quickly confirmed these reports, and then proceeded with accelerating normal release testing around the upcoming Critical Patch Update distribution, which already contained a fix for the issue."

Beyond Patches
In addition to security fixes, the new patch changes the default security settings in Java to "high." This makes Java activities more transparent for users, removing the ability for some Java applets in web browsers to be hidden.

Users will now have to "expressly authorize the execution of unsigned applets allowing a browser user to deny execution of a suspicious applet," wrote Maurice. "As a result, unsuspecting users visiting malicious web sites will be notified before an applet is run and will gain the ability to deny the execution of the potentially malicious applet."

Maurice went on to note that Oracle recently introduced a Java Control Panel for windows users, which allows users to easily disable Java on their web browsers. For more information on how to disable Java, see our report here. Users looking for alternatives to Java applications can see our list here.

The Future of Java
The recent concerns over Java's security have attracted many critics, and gone as high as the Department of Homeland Security which called for users to disable Java entirely. After a patch was released in January, Oracle's Java security lead Milton Smith promised to "fix" Java.

Part of that plan seems to be addressing critical flaws much quicker, as the company has pushed out two updates outside of its normal quarterly schedule. That certainly helps keep users more secure, but it might not be enough to secure Java's future.

For more from Max, follow him on Twitter @wmaxeddy.

Like What You're Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.


Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Sign up for other newsletters

TRENDING

About Max Eddy

Lead Security Analyst

Since my start in 2008, I've covered a wide variety of topics from space missions to fax service reviews. At PCMag, much of my work has been focused on security and privacy services, as well as a video game or two. I also write the occasional security columns, focused on making information security practical for normal people. I helped organize the Ziff Davis Creators Guild union and currently serve as its Unit Chair.

Read Max's full bio

Read the latest from Max Eddy