Loopholes found in Java are often used as a source of exploit to compromise your computer. Recently, after discovering a vulnerability in the latest Java update, the US Computer Emergency Readiness Team (US-CERT) issued the following vulnerability note:
Java 7 Update 10 and earlier versions of Java 7 contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. In the note it was confirmed that that Windows, OS X, Linux and other platforms that use Oracle Java 7 were affected.
After learning this, Mozilla added the update to its add-on block list but allowed the use of Java 7, if needed. Apple completely disabled the plugin on its Mac OS X. Oracle too, confirmed the news and informed Reuters that a fix would soon be offered. The statement was indeed true. Oracle on Sunday released Java 7 Update 11 to address the recently exposed security vulnerability.
Java 7 Update 11
In its security alert, the company highlighted the fixes included in the new update are the change in the default Java Security Level setting from “Medium” to “High”. With the “High” setting, the user is always prompted before any unsigned Java applet or Java Web Start application is run.
The security alert also addressed another vulnerabilities affecting Java running in web browsers. Oracle strongly recommended customers to apply the updates provided by this Security Alert as soon as possible.
You can download the Java 7 update 11 directly from the Oracle website. It addresses the CVE-2013-0422 security issues.