Oracle Ships Java 7 Update 11 With Vulnerability Fixes 243
An anonymous reader writes "After announcing a fix was coming just yesterday, Oracle on Sunday released Java 7 Update 11 to address the recently disclosed security vulnerability. If you use Java, you can download the latest update now from the Java Control Panel or directly from Oracle's website here: Java SE 7u11. In the release notes for this update, Oracle notes this version "contains fixes for security vulnerabilities." A closer look at Oracle Security Alert for CVE-2013-0422 details that Update 11 fixes two vulnerabilities."
Is this really a fix? (Score:5, Interesting)
Proper web browsing hygiene protected users from this zero-day vulnerability - but my mom needed this update.
Disaster (Score:5, Interesting)
Too Late Now (Score:5, Interesting)
Re:Java and Flash (Score:5, Interesting)
Java's actually fairly commonly used for line-of-business applications because it's fairly easy to find Java developers ("easy" being synonymous with "cheap"), the tools start at "free", it's sort of platform neutral, and it's been around for a while. Plus, a lot of those Java line-of-business apps were first written 5-10 years ago and, well, they still basically work - given a choice between paying for a total re-implementation of some tool that works "reliably", doing the necessary field testing to prove it's at least as secure, functional, and stable as the current implementation, or just periodically testing it against the latest version of Java, guess what most businesses do?
Now you know why Java exploits are a big deal.
Re:Any announcement of policy changes in Oracle? (Score:2, Interesting)
Their rep and that of Java took a huge punch in the gut. I'm a long time Java developer and I'm fuming at the way Oracle has handled this. When non-techies are associating Java with hacking, this is terrible news for the language and platform. It won't be long before the pointed-headed bosses start calling down to their IT shops making sure "we got all the java out of the computers."
It's already happening. I work as SDM for a major outsourcing company and our clients PHBs are requesting we throw java out as soon as we can eliminate the software that depends on it. I have had three such calls today, and they are for organisations with 10k+ computers. Oracle are really hurting Java with this bad PR.