404 Tech Support

Java 7u7 and 6u35 updates address prominent vulnerabilities

Java has released Java 7 Update 7 and Java 6 Update 35 to address vulnerabilities that were known to be exploited “in the wild”. The zero-day became widely known on Sunday and has received much publicity since then. Oracle published a Security Alert for CVE-2012-4681, which also received a US-CERT alert.

These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user’s system.

Java 6, which will stop being supported in February 2013, was also updated to Java 6 Update 35.

You can download the latest Java from Oracle’s Java SE page.