New Java from Oracle. Whoopee. Update ASAP.

Oracle today rushed out new releases of Java because bad guys are exploiting bugs in the prior version, which was released just two weeks ago. 

In their own words

 The original Critical Patch Update for Java SE – February 2013 was scheduled to be released on February 19th, but Oracle decided to accelerate the release of this Critical Patch Update because active exploitation “in the wild” of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers, was addressed with this Critical Patch Update.

The latest releases, Update 13 for Java 7 and Update 39 for Java 6 fix a ton of bugs. According to Eric Maurice of Oracle, they fixed 44 vulnerabilities regarding the use of Java programs embedded in a web page. In addition, there were 6 other security fixes, plus non-security patches too.

If you need Java, you should update as soon as possible. Also, see How to be as safe as possible with Java.

Windows users are advised to un-install and re-install Java rather than doing an upgrade. And, avoid the 64 bit editions of Java as a rule, even on 64 bit copies of Windows. 

The latest copy of Java 7 is available here from Oracle. The latest copy of Java 6 is here

Oracle's Java 7 is available for Windows, Macs running Lion and Mountain Lion, Solaris and Linux. Their Java 6 is available for Windows, Solaris and Linux.

Updated Feb. 1, 2013 10pm ET: Java 6 on Snow Leopard comes from Apple, not from Oracle and it's distributed via the standard OS X software update utility. Sometime between 5:30pm ET and 9:30pm ET today, Apple released Update 39 for their copy of Java 6. Confusingly Apple refers to it as their "Update 12", but that Apple update brings their Java to Update 39.  

Mac users with Snow Leopard, such as myself, seem totally screwed. Apple has not released an update for Java 6, so Snow Leopard users can't run Java. When Oracle released Update 38 for Java 6 on Windows, Linux and Solaris, Apple did not update their copy of Java 6. 

Yesterday, Apple used the XProtect feature of OS X to block both Java 6 on Snow Leopard and Java 7 on Lion and Mountain. All instances of Java were blocked, not just the old, buggy ones as had been the previous policy. And, they didn't bother explaining themselves.

Safari, Chrome and Firefox were unable to run Java applets in web pages. There were even reports that installed applications could not run Java, but I can't verify this. Needless to say, more than a few Mac users that need Java were upset.  

It's a bit reminiscent of Seinfeld's Soup Nazi. No Java for you!

If you are willing to take suggestions from a total stranger, here is advice on how to modify the XProtect file to re-enable Java 6 on Snow Leopard. 

NOTE: This is no longer needed. 

FREE Computerworld Insider Guide: Five IT certifications that won’t break you
Join the discussion
Be the first to comment on this article. Our Commenting Policies