Oracle has just released Java 7 Update 11 to address the vulnerability, which we reported on Friday.
The vulnerability could allow malicious software to be installed on affected machines, increasing the risk of identity theft or of unauthorized participation in a botnet that could bring down networks or be used to carry out denial-of-service attacks against Web sites.
The security flaw was so serious that the U.S. Department of Homeland Security had warned users to disable or uninstall Java software on their computers. Apple had taken the exceptional step of using its anti-malware tools in OS X to disable existing installations of the Java 7 browser plug-in.
Apple had achieved this by updating its blacklist information to require machines to be running an as-yet unreleased 1.7.0_10-b19 version of Java 7. Since the publicly available version of Java 7 was 1.7.0_10-b18 at that time, all systems running Java 7 failed the check, thus disabling the plug-in.
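The minimum-version gate described above, as an added example (not Apple's code and not part of the original article): a Python sketch that parses legacy Java version strings and reports which hosts in an inventory would have the plug-in disabled. The host names, the inventory and the function names are assumptions; only the two 1.7.0_10 build strings come from the article.

```python
import re

# Legacy Java version string: 1.<feature>.<maintenance>_<update>-b<build>
_VERSION_RE = re.compile(r"^1\.(\d+)\.(\d+)(?:_(\d+))?(?:-b(\d+))?$")


def parse_java_version(text):
    """Return (feature, maintenance, update, build) as ints.

    Missing update or build fields count as 0. Comparing ints rather than
    strings matters: as text, "_9" would sort after "_10".
    """
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError("unrecognised Java version string: %r" % text)
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def plugin_allowed(installed, minimum):
    """True when installed >= minimum; unparseable versions fail closed."""
    try:
        return parse_java_version(installed) >= parse_java_version(minimum)
    except ValueError:
        return False


def audit(inventory, minimum):
    """Map host -> 'enabled' or 'disabled' for a dict of host -> version."""
    return {host: ("enabled" if plugin_allowed(version, minimum) else "disabled")
            for host, version in inventory.items()}


# Required minimum quoted in the article (unreleased at the time).
MINIMUM = "1.7.0_10-b19"

# Constructed inventory; host names are hypothetical.
INVENTORY = {
    "mac-01": "1.7.0_10-b18",  # public build at the time, per the article
    "mac-02": "1.7.0_11",      # Update 11; build number not given in the article
    "mac-03": "1.7.0_09-b05",  # constructed older version
    "mac-04": "unknown",       # constructed unparseable value
}

if __name__ == "__main__":
    for host, state in sorted(audit(INVENTORY, MINIMUM).items()):
        print(host, INVENTORY[host], state)
```

Setting the minimum one build above anything publicly available is what makes every existing installation fail the check, while a later update passes without the blacklist needing another change.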
The release notes confirm that the security vulnerability has been fixed in this update:
The default security level for Java applets and web start applications has been increased from “Medium” to “High”. This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the “High” setting the user is always warned before any unsigned application is run to prevent silent exploitation.
So don’t waste any time, download and install the latest version of Java 7 from the link provided below.
BBC reports that, according to security experts, Update 11 still has security flaws, and they would not advise users that it is safe to enable Java again. So keep it turned off until you really need it.