Oracle has rushed out a new Java security patch designed to plug up a range of holes in the software. Released Friday, the latest critical patch update contains fixes for 50 different security flaws, 44 of which affect the use of Java as a plug-in for Web browsers.
Friday’s fix was original scheduled for release on February 19. But Oracle said it decided to ramp up the schedule after finding that one of the flaws affecting the Java Runtime Environment was actively being exploited. The new update addresses that specific flaw and includes all of the fixes from January’s update. Oracle has also been criticized in the past for not keeping Java properly protected or updated to guard against security exploits.
Following a recent addition of Java to its plug-in blacklist, Apple has issued an update to its supported Java versions. Apple issued an update that added the latest versions to the system’s browser plug-in blacklist to protect users from any potential threats; however, in doing so it silently blocked a number of people from accessing required Java content, such as banking and financial Web sites.
Unfortunately the Java 7 runtime is not available for those using Snow Leopard, for which the latest version is Java 6. However, Apple has issued its own separate update to Java 6 for Snow Leopard to address the vulnerabilities in this version. The update, which should be available through its Software Update service, should run automatically or can be invoked by going to the Apple menu.
Now that Java is all buttoned up with security which has been an issue for several weeks. It will be interesting to see if any new exploits are brought to the service last time it only took 24 hours. We will have to wait and see how things go over the next week.