Oracle Releases Java 7 Update 11 in Response to Vulnerability

Oracle has released Java 7 Update 11 of the Java Runtime Environment (JRE) to address a security vulnerability discovered last week.

The latest version of Java 7 can be downloaded directly from Oracle.

As described last week, in light of the newly discovered vulnerability, Apple remotely disabled previous versions via its Xprotect mechanism.

On Sunday, Oracle released an update that fixes the vulnerability. Oracle's Release Notes state:

The default security level for Java applets and web start applications has been increased from 'Medium' to 'High'. This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the 'High' setting the user is always warned before any unsigned application is run to prevent silent exploitation."

Mac users who took the extra step of disabling Java applets in their Safari browser can turn that back on in Preferences -> Security -> "Enable Java." Because the new version passes the filter test in the XProtect file, no other action is required after the new version is installed.

Those users who have a specific reason to stay with Java 6 should consult Oracle's release notes and their system administrators on the fix for that version.