Java 7 update 15 released:
for those who are still using jre 6 ;D
this is the last java 6 public release just to say
All but one of the vulnerabilities fixed today apply to client deployment of Java. This means that these 4 vulnerabilities can be exploited through Java Web Start applications on desktops and Java applets in Internet browsers.
but im am much more concerned to this
The last security fix added by this updated Critical Patch Update release applies to server deployments of the Java Secure Socket Extension (JSSE). This fix is for a vulnerability commonly referred as the “Lucky Thirteen” vulnerability in SSL/TLS (CVE-2013-0169). This vulnerability has received a CVSS Base Score of 4.3
edit added things about the blog post
I have it installed on the two family machines, I use it but only on my test machine
I decided to uninstall Java =/ No more minecraft for me!
That’s the only thing I miss with not having Java too However, you could simply remove Java from any other Internet facing applications and only use it for MC. There’s also a number of self-contained portable versions of Minecraft floating about…
Most of the security risks from Java are from having it enabled in browser(s). The simplest way to fix this is to un-check “Enable Java content in the browser” under the security tab in Java Control Panel.
The minecraft thing was more like a joke =P haven’t played minecraft in a while and I don’t use Java for anything so I un-installed it.
By the way…
I f you install 64 bit java it does not have an update feature at all!
also if you have 32 bit java installed and install the 64bit. when clicking upon java in the control panel you won’t find any update feature any more…Oracle is so stupid…
I agree, I noticed that first when I went to check the latest Java version… like 10 new versions had come out.
It’s been like this for a long time…
weeps and cries like a big baby because of java being greatly vulnerable :‘( :’(
looking in one document posted in wilder it says most exploits target the java plugin and reflection api
kinda wish reflection api was more secure even though i havent read the tutorial parts of it
it is still safe to go to website with jsp so yeah java still have some staying power but not to everyone i guess and j2ee is a larger book and its security probably based on the servers security ( either the server systems or server applictaion unless those serve has their own exploit of their own (RMI has 1 ))
according to the document there is only 1 iirc RMI vulnerability and RMI stands for Remote Method Invocation