Saturday, February 2, 2013

Oracle Java 7u13 Released

Oracle has patched a huge slew of security holes in their JRE, releasing Java 7u13 (aka v1.7 Update 13). A total of 50 CVE security holes have been patched.

You can download the latest Oracle release of Java for Mac here:

You can read about the security patches in 7u13 and related information here:

Be sure to use Oracle's web page, linked above, for downloading Java. Today I ran into a Mac software download site that was linking to Java 7u11, NOT 7u13, a deadly error. (Ahem CNET!).

The 'user' and 'system' checkboxes inside Oracle's Java 'Control Panel' still don't work! You still can't turn off Java except in your web browsers. This is IDIOTIC. I continue to hate you Oracle, you lazy lousy developers.

If you dare to use Java, at least jam the "Security Level" up to 'Very High' until you're already at a trusted website that requires Java. Lower the security level to whatever works on that page after it is reloaded. Remember to jam the security level back up to 'Very High' again before you leave the page. OR alternatively, turn Java entirely off inside each web browser.

I fully expect Java to demonstrate more dangerous security holes leading to more zero day exploits. The Java sandboxing system is a FAILure, is broken and has NOT been replaced. Java remains the single most DANGEROUS software you can install and run on your Mac if you use the Internet. Please be careful. Please don't be a 'LUSER'.

Java requires two things:

1) A total rewrite of its sandboxing system so that it actually works.

2) The donation of the entire Java project to OPEN SOURCE.

I don't trust Oracle. I suggest you don't trust them either. Open source isn't perfect. But there remain a lot of Java enthusiasts out in the world who would LOVE to rewrite and repair the Java JRE and language into something that once again deserves respect. I don't believe that's ever going to happen in Oracle's hands.

Watch for my upcoming tips on ideal Java 'Control Panel' Advanced settings.

No comments:

Post a Comment