Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Wednesday, April 17, 2013

Java 7 Update 21 to fix bugs, change applet warning messages

Oracle will release a new version of Java on Tuesday that will include 42 security fixes and will make changes to how Web-based Java content will be presented inside browsers. Thirty-nine of the vulnerabilities patched by the new Java 7 Update 21 (7u21) can be exploited remotely without authentication, Oracle said in a pre-release announcement. In addition to security fixes, the new update will also make changes to how Java applets—Web-based Java applications—are handled and presented in Web browsers that have the Java plug-in enabled.


“The Java 7u21 release introduces changes to security messages related to running Java applets and applications,” Oracle said in a technical document that explains the changes.

In cases where the risk of an attack is lower, like when the applet is digitally signed with a CA-issued certificate, the messages displayed to users will be minimal and there will be an option to automatically trust applications from the same vendors in the future.


The company has published an overview of all use cases of signed and unsigned applets with example of how the warning dialogs will look in each case.


This new release is the result of Oracle’s plan to accelerate its patching cycle for Java and will coincide with the release of security updates for other Oracle applications and middleware products that used to be updated separately.


Link: http://www.computerworld.com/s/article/9238423/Java_7_Update_21_to_fix_bugs_change_applet_warning_messages?source=CTWNLE_nlt_pm_2013-04-16

 

Posted on 04/17
WarningsPermalink