Oracle has just released Java SE 7u13, issuing an out-of-band update to address active exploitation “in the wild” of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers. This update contains 50 new security fixes and applies to all versions of Java 7 before update 13.
Java has received a lot of attention in the last few weeks, spurred on by numerous security issues affecting the software. Just yesterday, Apple blocked the Java plugin with XProtect, likely prompting Oracle to step up the pace in fixing Java in the browser. Java 7u11 and earlier versions of Java 7 contain vulnerabilities that could allow a remote attacker to execute arbitrary code on a vulnerable machine; web browsers using the Java 7 plugin are at high risk.
For those who use Java, we recommend updating immediately. Due to the way Java applets can be embedded in web pages, the bug-riddled software is an easily exploitable attack vector. Although Java is on the decline, it remains one of the most attractive targets for cybercriminals. Mac users can go to Oracle’s website to download Java SE 7u13 as advised.