Java Zero Day Exploit Fixed in Manual Update Version 1.7.0_07

This week Java was hit hard by a mean vulnerability. The exploit has the ability to deliver malware and viruses to your computer, but Oracle has fixed the problem. All it takes is a quick manual update to solve it.

On Tuesday Java plugins across the net got hit with a zero day exploit leaving thousands of systems infected, and even more vulnerable. The exploit took advantage of a loophole that allowed it to gain elevated permissions within a runtime environment. Normally to gain such permissions would require code signing and system or user authorization. As a result if a web browser equipped with a Java plugin visited a site containing the exploit, the host system of the browser could become infected with a variety of malware.

According to Oracle’s Security Alert for CVE-2012-4681 all systems running JRE 7 Update 6 and earlier are at risk. Those still running JRE 6 must also update to version 35 as all earlier versions are now listed as vulnerable. However, the exploit does not affect servers or standalone desktop apps, only web browsers.

To prevent intrusion from happening now, and in the future, there’s two steps to take. The first is to disable Java plugins for all of your web browsers. The second step is to manually update the Java runtime environment on your computer to build 1.7.0_07-b10 (Update 7) or newer.

Bad Version:

java standard edition update 6

Good Version:

java update 7

The update can be found on Oracle’s website in the official Java download center. While at the site click the Download button under the JRE column of the Java Platform, Standard Edition.

java download center

From the Download list, select the one that matches the Operating System you’re using. If you’re unsure whether you are running 32-bit or 64-bit, check out this guide. If you’re running Linux, we’ll just assume you know. Smile

download java update 7u7

Once the update downloads just run it and Click Install. It’s a one-click procedure, and it takes about one minute to complete.

install java

Alright, hopefully this makes you feel more comfortable with your computer’s security! I know I feel a lot better not worrying about it anymore. With the update installed and plugins disabled, your system should be safe from Java exploits for the foreseeable future.



  1. Chris

    September 3, 2012 at 1:05 pm

    Thanks !!!

  2. s3curityplu5

    September 3, 2012 at 3:15 pm

    You’ve hopefully heard by now that version 7 update 7 may not be as safe as we hope, but I’m sure Oracle will update it once again considering newer vulnerabilities have been reported privately this time.

  3. Nick

    September 4, 2012 at 10:36 am

    Should I leave the plugins disabled always?

  4. Simon H

    September 7, 2012 at 11:23 am

    My advice even before this most recent issue is to only install the Java RTE if you depend on website features that use it.

    If you have already installed it, you can safely uninstall it and there’s a good chance that you wont even notice that its gone.

    If a website does ask you to install it again you can then decide if you really need that website feature and whether it warrants the extra risk from Java RTE.

    • Steve Krause

      September 7, 2012 at 1:56 pm

      Good call Simon.

      Unfortunately for me, I have a bunch of Java Apps which are used at work so I need it installed on my work machine…. For home, it’s gone baby!

Leave a Reply

Your email address will not be published. Required fields are marked *


To Top