Oracle has released a critical security update that fixes at least 51 security vulnerabilities in its Java software. Patches are available for Linux, Mac OS X, Solaris and Windows versions of the software.
This update brings Java 7 to Update 45, and addresses a whole mess of security flaws. Oracle says that all but one of the 51 vulnerabilities fixed in this update may be remotely exploitable without authentication.
Updates are available from Java.com and the Java Control Panel. Apple has issued an update to its supported version of Java, which brings Java on the Mac to 1.6.0_65 for OS X 10.6.8 or later. As CNet notes, Apple is using this update to further encourage users to switch to Oracle’s Java runtime, especially for Web-based Java services.
“When this latest update is installed, according to Apple’s documentation it will remove the Apple-supplied Java plugin, and result in a ‘Missing plug-in’ section of a Web page that tries to run a Java applet,” CNet’s Topher Kessler writes. “If you click on the missing plug-in message, the system will direct you to Oracle’s Java Web site so you can download the latest version of Java 7, which will not only support the latest features in the Java runtime, but also include the latest bug and vulnerability fixes. Apple’s last supported version of Java is Java SE 6, and since handing the reigns over to Oracle, has progressively stepped back from supporting the runtime in OS X.”
Broken record alert: If you really need and use Java for specific Web sites or applications, take a few minutes to update this software. Oracle likes to remind everyone that 3 billion devices worldwide run Java, and that 89 percent of desktops run some form of Java (that roughly matches what vulnerability management firm Secunia found last year). But that huge install base — combined with a hit parade of security bugs and a component that plugs straight into the Web browser — makes Java software a perennial favorite target of malware and malcontents alike.