Oracle patches Java exploits, toughens its default security levels (update: Apple does too)
![](https://s.yimg.com/ny/api/res/1.2/pmzhKbgeL2l1OH0Fos3YJQ--/YXBwaWQ9aGlnaGxhbmRlcjt3PTk2MDtoPTc2NQ--/https://s.yimg.com/uu/api/res/1.2/UQroSqdHhiQgYLVypQUacg--~B/aD00NTA7dz01NjU7YXBwaWQ9eXRhY2h5b24-/https://www.blogcdn.com/www.engadget.com/media/2013/01/us-cert-java-warning.jpg)
Oracle hasn't had a great start to 2013. It's barely into the new year, and Apple and Mozilla are already putting up roadblocks to some Java versions after discoveries of significant browser-based exploits. The company has been quick to respond, however, and already has a patched-up version ready to go. The Java update goes one step further to minimize repeat incidents, as well -- it makes the "high" setting the default and asks permission before it launches any applet that wasn't officially signed. If you've been skittish about running a Java plugin ever since the latest exploits became public, hit the source to (potentially) calm your nerves.
Update: Apple has released its flavor of Java built for Macs with the appropriate patch as well.
[Thanks, Trevor]