FYI: Java 7 update 11 released, fixes browser plugin security holes

JRE 7u11
http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html

JDK 7u11
http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html

it fixes the security holes in the browser plug-in component, widely
reported on the IT and mainstream press last Thursday-Friday, many of
which included the usual misinformation-FUD recommending to "uninstall
Java" (the whole JVM) instead of just disabling the plug-in.

In the release notes, ORCL says it has made the browser plug-in NOT
RUN by default any UNSIGNED or "Self-signed" applets without user
confirmation. This effectively should make "zero click surface"
attacks not possible anymore.

Firefox 18 also added a feature asking users to confirm before running
any plug-in content on each web page or a per-page basis. Thus
creating a double-confirmation to run unsigned or self-signed applets.

FC
--
During times of Universal Deceit, telling the truth becomes a revolutionary act
Durante épocas de Engaño Universal, decir la verdad se convierte en un
Acto Revolucionario
- George Orwell

_______________________________________________
Ibm-netrexx mailing list
[hidden email]
Online Archive : http://ibm-netrexx.215625.n3.nabble.com/

Hi Fernando,
     *my personal thanks* for this very useful information!

I think it will relax the recent fear a lot!
Thomas.
===================================================
Am 14.01.2013 06:35, schrieb Fernando Cassia:

--
Thomas Schneider, IT Consulting; http://www.thsitc.com; Vienna, Austria,
Europe

_______________________________________________
Ibm-netrexx mailing list
[hidden email]
Online Archive : http://ibm-netrexx.215625.n3.nabble.com/