Seems like Oracle was telling the truth when they said they would release an update to Java soon. Today, they have released Java SE 7 Update 11, which is supposed to take care of the vulnerability discovered last week.
According to The Next Web, the fix also changes the default Java Security Level setting from Medium to High. This is will now prompt users of any unsigned Java applet or Web Start application that is being run. Oracle explains it as such:
This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the “High” setting the user is always warned before any unsigned application is run to prevent silent exploitation.
1 Comment