Oracle releases v11 fix for zero-day Java security flaw

Sponsored Links

Michael Grothaus
January 14th, 2013
In this article: fix, java, Mac, malware, oracle, os x, OsX, patch, zero day, ZeroDay
Oracle releases v11 fix for zero-day Java security flaw

Oracle has released an official fix for the Java security flaw that was reported by CERT (the Computer Emergency Readiness Team) on January 11. Shortly after the flagging by CERT, Apple took steps to disable the Java plug-in on all Macs running OS X 10.6 or later by amending the XProtect malware/minimum versions file.

Users who want to re-enable a secure, working version of Java can download the update here. The update is recommended for users on all operating systems including Windows and Linux. Of course, if you don't need to be running a Java VM for a specific reason, your most secure path is to not have it installed.

At a minimum, you might consider TJ's reasonable advice and reserve your browser-centric Java activities to a single-site browser like, or simply leave Java disabled for browser access most of the time and only turn it on when specifically required.

From the release notes, Oracle states: "Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2013-0422 'in the wild,' Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible."

Apple no longer distributes its own version of Java for Macs running OS X 10.7 or higher. Oracle is now directly responsible for producing and updating the Mac JRE package, as it does for other mainstream operating systems.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget