Oracle Updates Java 7 to Address Security Vulnerability - MacRumorsOpen MenuShow RoundupsShow Forums menuVisit ForumsOpen Sidebar
Skip to Content

Oracle Updates Java 7 to Address Security Vulnerability

by

java logo newOn Friday, we noted that Apple had taken the rare step of using its anti-malware tools in OS X to disable existing installations of the Java 7 browser plug-in due to a major security vulnerability that was being actively exploited in the wild. Apple's anti-malware system is capable of enforcing minimum version numbers for plug-ins such as Java and Flash, and Apple simply updated its blacklist information to require that machines be running a higher version of the Java 7 plug-in than was publicly available.

Oracle has now released Java 7 Update 11, and the release notes indicate that it does indeed address the vulnerability. The new release registers with a version string of 1.7.0_11-b21, satisfying Apple's requirement for a minimum version number of 1.7.0_10-b19.

In addition to the fix for the vulnerability, Java 7 Update 11 also sees a change in the default security level setting from "Medium" to "High". Under the new setting, users will be warned before the Java plug-in runs any unsigned application.

The default security level for Java applets and web start applications has been increased from "Medium" to "High". This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the "High" setting the user is always warned before any unsigned application is run to prevent silent exploitation.

Popular Stories

Apple Card iPhone 16 Pro Feature

Apple Card Promo to Offer Free AirPods Pro 3

Friday May 15, 2026 8:59 am PDT by
Starting as early as next week, customers who sign up for an Apple Card at Apple's retail stores in the U.S. will receive $249 cash back when they purchase AirPods Pro 3, according to Bloomberg's Mark Gurman. The promotion has yet to be officially announced by Apple, so exact terms and conditions are not available at this time. AirPods Pro 3 are priced at $249 in the U.S., so customers who...
Read Full Article51 comments
airpods pro 3 pink

New Apple Card Holders Can Get Free AirPods Pro 3, But There's a Catch

Monday May 18, 2026 8:11 am PDT by
Apple today launched a new promotion offering new Apple Card holders the chance to earn back the cost of AirPods Pro 3 through monthly cash rebates, but there is a recurring spend requirement attached. Customers who open a new Apple Card account and purchase AirPods Pro 3 directly from Apple by June 15 will qualify. Starting July 1 and running through April 30, 2027, cardholders can earn $25 ...
Read Full Article63 comments
Apple WWDC25 iOS 26 CarPlay Light mode 250609

Six Popular iPhone Apps Now Available on CarPlay

Thursday May 14, 2026 9:10 am PDT by
Apple's CarPlay system for accessing iPhone apps on a vehicle's dashboard screen has received six popular apps in recent weeks: ChatGPT, Perplexity, Grok, Google Meet, WhatsApp, and the indie artist streaming platform Audiomack. Make sure you have the latest version of each app and they will automatically appear on CarPlay. ChatGPT Starting with iOS 26.4, CarPlay supports voice-based...
Read Full Article29 comments

Top Rated Comments

I
iMikeT
174 months ago
Why is it so often Java that appears to get caught out in these security vulnerabilities? :confused:


Like Windows, it's widely used. It's about making the most amount of damage to the most amount of users.
Score: 6 Votes (Like | Disagree)
R
RMo
174 months ago
Sorry foe the dumb question...I have "Enable Java" UNCHECKED in Safari Preferences, and intend to leave it that way.

Should I download the Java Update anyway?:confused:

Thanks...
Yes. You should either do that or uninstall Java completely, but there's no sense in leaving outdated, vulnerable, exploited-in-the-wild software on your machine, even if you have no plans to use it right now. (What if you try another browser in the future and forget about this?)

No, it can't access your system if you don't use it or even have it enabled.
Unchecking a preference in Safari does not mean it is "disabled" on your entire system. Leave it unchecked if you want, but at least fix the problem (or get rid of it).
Score: 6 Votes (Like | Disagree)
H
hamkor04
174 months ago
"Medium" to "High" isn't it awesome?
Score: 5 Votes (Like | Disagree)
HiRez Avatar
HiRez
174 months ago
When are they just going to kill this pig once and for all? Java on personal or mobile computers is simply not needed today, there are better alternatives. If they want to keep it running for enterprise, fine, but stop subjecting us to this bloated, archaic, insecure monstrosity.
Score: 3 Votes (Like | Disagree)
S
SLFGNR8
174 months ago
Perplexed and need some help

Why am I experiencing the below:

[LIST=1]
* I have Mountain Lion 10.8.2.
* There is no Java in my System Preferences.
* There is no Java app in my Utilities.
* Only references to Java I can find are in my CS6 Suite app folders, allowing custom javascripts.
* Yet when I uncheck "enable java" and "enable java-script" in Safari, there are some websites, like cloud based email services that won't work until I turn them on. When java is enabled via the browsers those sites work fine.
* Even when enabled the http://javatester.org/version.html website says I have a missing plug-in when checking via Safari or with Firefox.
* My Terminal says: java version "1.6.0_37" Java(TM) SE Runtime Environment (build 1.6.0_37-b06-434-11M3909) Java HotSpot(TM) 64-Bit Server VM (build 20.12-b01-434, mixed mode)


It appears that the Oracle "fix" installs the full version of Java, which I currently don't have or need.

WHAT SHOULD MY COURSE OF ACTION BE?
Score: 2 Votes (Like | Disagree)
clukas Avatar
clukas
174 months ago
could someone please clarify this for me.

I dont have java in system preferences. I know I am running java as I am using Adobe CS6. I have disabled java in safari.

Am I still at risk, how should I update?
Score: 2 Votes (Like | Disagree)
Read All Comments