Oracle releases patch for latest Java hole - update now!

[whizkidraj]

So here's some good news: Oracle has been on the ball and has already come out with a patch. Java 7 Update 11 fixes both CVE-2013-0422 and a second vulnerability.

In the database behemoth's own words:

Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2013-0422 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.

Note that the vulnerabilities Oracle just patched don't apply to standalone Java applications or server-side Java installs. They apply only to applets, which run inside your browser.

Your browser routinely and unavoidably puts you in harm's way, since it inevitably downloads and attempts to parse, process and display, untrusted content.

So, even after updating, I recommend that you turn Java off inside your browser unless you know you need it.

By the way, if you do turn Java off in your browser, or think you did, it's worth checking.

A handy place to do so is Javatester.org, a web page that attempts to launch a tiny applet to get the answer "from the horse's mouth", as it puts it.

If you have Java turned off, it will confirm this for you.

If you have Java turned on, it will confirmation the precise version number from the Java Runtime Environment (JRE) itself. This means you can be sure you're running the version you expect.

And now? Stop reading, start patching!
Source and Read more on - Naked Security from Sophos

 

[imsoadude]

Great to see them working so quickly on this hole