clock menu more-arrow no yes

Filed under:

Oracle updates Java two weeks early to address more security vulnerabilities

New, 17 comments
Java logo
Java logo

Two weeks ahead of schedule, Oracle has released another update addressing a number of active Java exploits. Just last month, Oracle updated its Java add-on in response to an alert from the US Department of Homeland Security, which recommended disabling Java entirely until the rampant problems were addressed. The previous update also changed Java's default security setting to "High," meaning users must approve Java applets before they run, and made it easier for users to disable Java altogether.

Despite being released two weeks earlier than planned, Oracle's February 2013 Critical Patch Update for Java comes after major hacks on numerous news organizations and even Twitter itself. The blame for these hacks wasn't squarely placed on Java, but Twitter went so far as to restate the Department of Homeland Security's recommendation to disable the plugin. Most browsers have already disabled Java by default — just last week, Firefox announced that it would be implementing a click-to-play feature for browser plugins like Java, and Apple blacklisted the vulnerable plugin to protect users. The February patch is available now, and can be downloaded from Oracle's Java site.