The Java security saga continued Friday as Oracle released yet another update to the platform just two days after Apple remotely blocked it in OS X. Java 7 Update 13 is available now with a build number of 1.7.0_13-b20, satisfying the minimum build requirement set by Apple’s XProtect anti-malware software.
As we said when Apple blocked Java for the second time last week:
In early January, the U.S. Department of Homeland Security issued an urgent warning to computer users that a serious exploit had been found in the popular Java plugin. Java had already been the source of several past OS X vulnerabilities so the Cupertino company proactively disabled the plugin in Safari rather than risk another security crisis…
A few days after the news broke, Oracle released an update to address the vulnerabilities… [but] security researchers found that Oracle only addressed one of the two vulnerabilities, leaving the plug-in a still serious security threat.
Java 7 Update 13 now claims to address all known security vulnerabilities. Oracle also mentions that the release of the update was accelerated due to the critical nature of the issue:
Note: The original Critical Patch Update for Java SE – February 2013 was scheduled to be released on February 19th, but Oracle decided to accelerate the release of this Critical Patch Update because active exploitation “in the wild” of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers, was addressed with this Critical Patch Update.
The update is strongly recommended for all Java users. Those on OS X running existing versions of Java will see a Software Update window prompting the installation of the latest fix. Everyone else can download the update manually from Oracle’s support site.
An update for Java 6 on OS X 10.6 Snow Leopard was also released Friday, although that version was reportedly not susceptible to the critical vulnerabilities at issue in Java 7.