The latest Java release, update 10 on December 11, allows users to restrict Java from running in web browsers. The newest version of the Java Development Kit, JDK 7 update 10, provides the ability to prevent any Java application from running in the browser. Since Java has been subject to so many security vulnerabilities and other miscellaneous attacks, this was the best move by Oracle.
It also includes a good number of security enhancements, including the ability to set a specific level of security for any unsigned Java applets.
Some of the exploits seen in the past have made it clear that this was also needed for unsigned Java applets. It calls for more default-deny technology, which restricts quite a few features but provides greater security.
The biggest problem in applications and operating systems is that developers do not want to suppress features too much, but also don’t want a bunch of security threats. So, finding that balance is very important.
Allowing these new enhancements for the security of Java will help prevent a slew of Java attacks and keep people from turning away from Java. Most people will try to find alternatives if a plugin keeps getting attacked, e.g. Foxit Reader or Nitro Reader replacing Adobe Reader.
“The ability to select the desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications that run in a browser. Four levels of security are supported. This feature can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument,” Oracle said.
The final security feature released is the ability to warn the user when the Java Runtime Environment (JRE) is out of date or below security standards.
How to enable this feature:
- Go to the Control Panel.
- Find the Java icon and double-click on it.
- Click the Security tab.
- Uncheck “enable Java content in the browser”.
Oracle has issued a critical advisory for multiple (30) vulnerabilities in Java Runtime Environment. Most of the flaws involve Java Runtime Environment; however, a couple of them are issued for JavaFX.
Here is our update table:
Version affected: JRE version 7 update 7 and previous => need update 9 now
Version affected: JRE version 6 update 35 and previous => need update 37 now
Version affected: JRE version 5 update 36 and previous => no patch available!
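To check an inventory of machines against the update table above, the following added example (not part of the original post or of any Oracle tool) parses the legacy `1.N.0_UU` version string printed by `java -version` and maps it onto the table. The function names, status labels and sample strings are assumptions made for illustration.

```python
import re

# Update table from the advisory summary above:
# family -> (last affected update, fixing update, or None when no patch exists)
ADVISORY = {7: (7, 9), 6: (35, 37), 5: (36, None)}

# Legacy version strings look like 1.7.0_07 or 1.6.0_35-b10;
# the second field is the family, the digits after "_" are the update.
_VERSION_RE = re.compile(r'\b1\.(\d+)\.\d+(?:_(\d+))?')


def parse_jre_version(text):
    """Return (family, update) from `java -version` style text, or None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    # A string without an "_UU" suffix (e.g. 1.7.0) is the base release, update 0.
    return int(m.group(1)), int(m.group(2) or 0)


def classify(text):
    """Map a version string onto the advisory table (labels are hypothetical)."""
    parsed = parse_jre_version(text)
    if parsed is None:
        return "unparsed"
    family, update = parsed
    if family not in ADVISORY:
        return "not-in-table"
    last_affected, fixed_in = ADVISORY[family]
    if update > last_affected:
        return "not-listed-as-affected"
    if fixed_in is None:
        return "affected-no-patch"
    return "affected-needs-update-%d" % fixed_in


if __name__ == "__main__":
    # Constructed sample inputs, not taken from real hosts.
    samples = [
        'java version "1.7.0_07"',
        'java version "1.6.0_37"',
        'java version "1.5.0_22"',
        'java version "1.7.0"',
    ]
    for line in samples:
        print("%-28s %s" % (line, classify(line)))
```

Anything reported as `unparsed` or `not-in-table` needs a manual look, because the table only covers JRE 5, 6 and 7.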
As always, you can get the latest Java updates using the following methods:
- WINDOWS = Access Start > Control Panel > Java. Click the Update tab and select Update Now. (You can also enable automatic updates through this method.)
- Any other method: http://www.java.com – click the Free Java Download. It should auto-detect your system.
NOTE: If you use the offline installer found on java.com, make sure you’re aware that it bundles either Ask Toolbar or McAfee Security Scan Plus. It isn’t recommended to install either one, but that choice is up to you.