dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
6154
share rss forum feed


Triple Helix
Troll Hunter
Premium
join:2007-07-26
Oshawa, ON
kudos:7
Reviews:
·Rogers Hi-Speed

9 recommendations

JAVA 7u11 now available for download



Triple Helix
Troll Hunter
Premium
join:2007-07-26
Oshawa, ON
kudos:7
Reviews:
·Rogers Hi-Speed

1 edit

2 recommendations

Release Notes & Changelog:

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Security Alert for CVE-2013-0422.

In addition, the following change has been made:

Area: deploy
Synopsis: Default Security Level Setting Changed to High
The default security level for Java applets and web start applications has been increased from "Medium" to "High". This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the "High" setting the user is always warned before any unsigned application is run to prevent silent exploitation.

»www.oracle.com/technetwork/java/···856.html
--
Triple Helix - Microsoft® MVP Consumer Security 2012/13
VIP Member Of ASAP - (Alliance of Security Analysis Professionals™)
Official Webroot SecureAnywhere (Prevx) Support Forum Helper.
(H59 Clan)


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3

2 recommendations

reply to Triple Helix
Thanks TH.

Another 0-day in 3 ... 2 ... 1


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

reply to Triple Helix
Thank, I just had the update notice pop-up myself. I already did have the security level set to high on my system.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3

2 recommendations

reply to Triple Helix
Got it, thank you!

However, still leaving it disabled.


DrStrange
Technically feasible
Premium
join:2001-07-23
West Hartford, CT
kudos:1

1 recommendation

reply to Triple Helix
Thanks.

We'll see if I can patch everything I need to before the next zero-day shows up.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

reply to La Luna
I keep it enabled, but since I only use Firefox, and use the NoScript add-on, it's essentially disabled by default for most sites. I only enable scripting permanently on sites I regularly visit that need it to work properly. Go to read an article somewhere else, and as long as the sites works properly, I won't temporarily enable scripting. No need to allow scripting on sites that don't need it.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

2 recommendations

reply to Triple Helix
Saw this on the Symantec news forums a little while ago, thanks for the update!


Oregonian
Premium
join:2000-12-21
West Linn, OR

1 recommendation

reply to Triple Helix
Thanks.

baess

join:2011-01-28
Yesterday I disabled my Java but only after manually updating it to 7u10. Java never told me that the update was available. Checked the settings and even though it is set to auto run an update check one hadn't been run since October. Lousy program.


jadinolf
I love you Fred
Premium
join:2005-07-09
Ojai, CA
kudos:8
Reviews:
·DSL EXTREME

1 recommendation

reply to La Luna
said by La Luna:

Got it, thank you!

However, still leaving it disabled.

Me too.
--
Printed on 100% recycled bytes


gugarci
Premium
join:2004-02-25
Lyndhurst, NJ

1 recommendation

reply to Triple Helix
Thanks.


beck
Premium,MVM
join:2002-01-29
On The Road
kudos:1

1 recommendation

reply to Triple Helix
Thank you!


L_ance

join:2002-05-14
Newark, OH

1 recommendation

reply to Triple Helix
Thanks...
--
Lance

grumpi

join:2001-03-28
*****

1 recommendation

reply to Triple Helix
Thanks!


Triple Helix
Troll Hunter
Premium
join:2007-07-26
Oshawa, ON
kudos:7
reply to Triple Helix

slajoh01

join:2005-04-23

4 edits

1 recommendation

I had disabled Java 7 u10 from both IE and Firefox only, but now I do not see the Java plugins at all. Before, I just DISABLED the plugin.
Where did those Java plugins go in Firefox now???

Just installed this new latest version.

Strange. as I re-enabled Java from the Java control panel, it re-appeared under the plugins in Firefox. Would this be normal with Firefox if I enable and disable Java from the Java control panel?

Thanks


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
reply to Triple Helix
Java update still has bugs, says expert

quote:
Java security expert Adam Gowdiak, who has discovered several bugs in the software over the past year, said that the update from Oracle leaves unfixed several critical security flaws.

I'm shocked I tells ya, shocked!
--
Don't feed trolls--it only makes them grow!

sludgehound

join:2007-03-12
New York, NY
reply to Triple Helix
Thanks. Very fast Run for Win 8 x64 Pro & IE10. No reboot.


angussf
Premium
join:2002-01-11
Tucson, AZ
kudos:4
reply to baess
said by baess:

Yesterday I disabled my Java but only after manually updating it to 7u10. Java never told me that the update was available. Checked the settings and even though it is set to auto run an update check one hadn't been run since October. Lousy program.

Every time you update Java, it resets the "automatic update" frequency to ONCE A MONTH. You need to change that to daily yourself after every update if you want to rely on Java updating itself.
--
Angus S-F
GeoApps, Tucson, Arizona, USA
»geoapps.com/
»www.linkedin.com/in/angussf
»geoapps.blogspot.com/

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
There isn't any way to set auto update for Java on Win 8. That's because the 64bit version doesn't have it. Suits me but I was wondering what you guys were talking about since I have no autoupdate setting in the Java panel.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
The 32-bit version of Java, which does have an autoupdate option, is what 99% of users use. If you have a 32-bit browser, and most likely you do, the 64-bit Java isn't used.
--
Don't feed trolls--it only makes them grow!

ctggzg
Premium
join:2005-02-11
USA
kudos:2
reply to Triple Helix
This has the same bug as 7u10 where the installer doesn't add the registry keys for the Firefox plugin. See the end of this thread for my work-around:

»Java Updates/Java SE 6 Update 38/Java SE 7u10


unavailable

@tds.net
reply to Triple Helix
Thanks!

Now, some bad news. This doesn't do a thing to fix the current zero day exploit, except that Java now has an ironically, malware looking pop up that asks for permission to run the applet.

Also, because of a combination of both Apple's and Oracles incompetence no update to 1.7u11 is available for Mac OS 10.6 aka "Snow Leopard. Which, is what I happen to run.

Now, there IS a workaround. I downloaded the 1.7u11SDK and installed it with Pacifist. I also removed Java 1.6 and that broke the Java preferences app. So, I re-installed Java 1.6 with an Apple updater and just unchecked it.

So lame... /rant


RickNY
Premium
join:2000-11-02
Farmingville, NY
Reviews:
·Optimum Online
reply to Triple Helix
Fixes nothing other than setting all security settings to 'High'. Users can still be prompted to execute exploit code, and original vulnerability still exists.

US-CERT still advises disabling Java in the web browser.

»www.us-cert.gov/cas/techalerts/T···10A.html


kkb2
Object of the Panopticon

join:2000-06-11
Colorado
reply to Triple Helix
Installed 7u11, and lost the control panel thingy again!

At least I know how to launch it from the directory.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

1 edit
reply to StuartMW
said by StuartMW:

The 32-bit version of Java, which does have an autoupdate option, is what 99% of users use. If you have a 32-bit browser, and most likely you do, the 64-bit Java isn't used.

I have BOTH 64bit and 32bit IE 10 on Windows 8. Both Oracle and Microsoft state to install BOTH versions. I use the 64bit version of IE even on the desktop (when I use IE which is not often), but even if using the 32 bit version Microsoft and Oracle say that IE 32 bit is mostly 64 bit on Desktop on Windows 8.

So, by installing 64bit Java for E 10 that makes the Java panel (even though my plugin browsers are all 32 bit) default to the 64 bit version which cannot be auto updated so the button is not there even though the 32 bit version I also have can be autoupdated.

I see I was right to not update (thus risking the Fx bug) since nothing is fixed. I already had the slider at "High". I will not upgrade to Fx 17 ESR either and I had planned to do that this month (before Fx 10 ESR goes unsupported). I don't want Mozilla messing with what should be MY decision about running Java and the reason I am not updating Java. Plus, I don't want Mozilla snooping on my browsing habits. They have become so extremely two faced about privacy.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

baess

join:2011-01-28
reply to angussf
said by angussf:

Every time you update Java, it resets the "automatic update" frequency to ONCE A MONTH. You need to change that to daily yourself after every update if you want to rely on Java updating itself.

Even at once a month it should have checked more recently than October.

After reading the most recent posts it seems as if nothing was fixed so I think I'll disable. I did get the Java pop up on a site which as was stated looks very malware-ish.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
I've had that popup for some time now because I set the earlier version of Java (10) to high for the slider. I see the slider every time I do a speed test on a variety of sites. I don't think the popup looks "malwarish" yet you are the second person in this thread to comment that it does to you. I think it is a very nice looking popup. What makes it look "malwarish"?
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

baess

join:2011-01-28

1 edit
reply to Mele20
said by Mele20:

said by StuartMW:

The 32-bit version of Java, which does have an autoupdate option, is what 99% of users use. If you have a 32-bit browser, and most likely you do, the 64-bit Java isn't used.

I have BOTH 64bit and 32bit IE 10 on Windows 8. Both Oracle and Microsoft state to install BOTH versions. I use the 64bit version of IE even on the desktop (when I use IE which is not often), but even if using the 32 bit version Microsoft and Oracle say that IE 32 bit is mostly 64 bit on Desktop on Windows 8.

So, by installing 64bit Java for E 10 that makes the Java panel (even though my plugin browsers are all 32 bit) default to the 64 bit version which cannot be auto updated so the button is not there even though the 32 bit version I also have can be autoupdated.

I have 32 and 64bit IE8 on Win 7 and have both 32 and 64 bit Java installed. Like Mele20 says this is what is recommended. So even though 99% use the 32 bit browser they probably should have both Java versions installed.

I access the Java control panel through Program Files>Java to see the auto update feature. Which in my case didn't even work.