Oracle has rush-released a fix for a widely-reported major security flaw in Java which renders browser users vulnerable to attacks . Here’s how to install it.
To update, hit the Java site and download a fresh Java installation. Take care when clicking through the installer; it will try and install an unwanted Ask.com crapware toolbar as well. Make sure you untick that option.
If you’re on Windows have automatic updates enabled for Java, you will receive these updates automatically. Follow the steps above to speed up the process. The blog post below links to resources for updating more complex Java installations.
Security Alert for CVE-2013-0422 Released [The Oracle Software Security Assurance Blog]
How about an explanation of why we even need Java in the first place I have mine switched off and not suffering any for the lack of it.
But how would you play minecraft? :)
Hah.! That explains both why I don't and haven't needed it at all in one sentence. :)
You need Java if you want to run anything designed to run in Java. That's all the explanation necessary. There are a lot of things that run in the Java runtime. If you never use any of them, you don't need Java installed. The same principle applies to any software - if you don't need to browse the web, you don't need a web browser installed, etc.
Pushing up the security setting by default and making it easier to switch off isn't a fix. You shift the problem to trusting the end user to know which applet is malicious and which isn't (the block/allow message is the same) or, shut it off. Shut it off is worst 'fix' ever claimed by anyone in the history of ever. Sorry Angus, these are just not fixes.
"With this Security Alert, and in addition to the fixes for CVE-2013-0422 and CVE-2012-3174, Oracle is switching Java security settings to “high” by default."
"In addition to the fixes", not instead of.