Java 7 Update 11 Released to Address Security Issues
On Sunday, Oracle released Java 7 Update 11 to address the recent security issues that had led Mozilla to add recent versions of Java to its add-on blocklist. With the latest update in place, you should be able to re-enable Java in your browser with peace of mind.
However, according to this latest article on Reuters, there may still be further security flaws:
Adam Gowdiak, a researcher with Poland's Security Explorations who has discovered several bugs in the software over the past year, said that the update from Oracle leaves unfixed several critical security flaws.
"We don't dare to tell users that it's safe to enable Java again," said Gowdiak.
In case you missed the news, the 0-day exploit allows attackers to run arbitrary code on client systems through malicious web pages. The thing is that this exploit wouldn't have worked if Oracle had issued a complete fix for an insecure implementation of the Reflection API.
Let's assume that's all in the past now - what was changed in this latest update? Mainly, the default security level has been changed to high, from medium, for all applets and Web Start applications. This means the user is always warned before any unsigned application is run.
One thing: if you have the standalone version of JavaFX 2.x installed, you'll have issues seeing the security level slider in Control Panel. To get around this, just uninstall the standalone version.
This whole issue has people a bit spooked about Java in their browser. Will you go ahead and re-enable Java on your web browser? Or are you going to take the ultra-cautious approach, and wait until security analysts say that all is well with Java?