“This Security Alert addresses security issues CVE-2013-0422 (US-CERT Alert TA13-010A – Oracle Java 7 Security Manager Bypass Vulnerability) and another vulnerability affecting Java running in web browsers,” Oracle noted in a security alert.
This update also includes a change to the default Java Security Level setting from Medium to High, meaning the user is now always prompted before any unsigned Java applet or Java Web Start application is run.
With this update, the current nightmare for Oracle might be over, but experts claim that there are still several vulnerabilities in Java that need to be fixed.
Adam Gowdiak, a researcher with Poland’s Security Explorations, told Reuters that the update from Oracle leaves unfixed several critical security flaws. “We don’t dare to tell users that it’s safe to enable Java again,” said Gowdiak.
Earlier, a critical security vulnerability was found in Java 7 Update 10 that allowed hackers to install malicious software on computer systems. The US Department of Homeland Security later issued a vulnerability note detailing the bug and urged users to disable Java on their computers.