I know most of my readers probably don’t follow this kind of stuff, but basically earlier this week a pair of serious java exploits were released and then very quickly incorporated into some very easy-to-use and widely known hacker tools.
The flaws affect Windows, Linux, and MacOS. None are safe.
Via Krebs, Oracle has released a patch:
Windows users can grab the update by visiting the Windows Control Panel and clicking the Java icon (or searching for “Java”). From there, select the Update tab and the Update Now button. Note that the updater may auto-select a toolbar like the “Ask Toolbar;” if you don’t want that as well, de-select it before proceeding. Mac and Linux users can get Java 7 Update 7 from this link.
Krebs actually recommends you completely disable java since it’s full of holes, but like me many of you probably have to have it running because of web applications you use in your day jobs.
Great. The fix is for OS 10.7.3 or higher. I guess they don’t care about us schlubs who are running 10.6.