David Baxter PhD
Late Founder
Java SE 7u7 AND SE 6u35 Released
by Sean
August 30, 2012
Oracle has released an update for Java, version 1.7.0_07. Also of note, there's a version 1.6.0_35 that also patches vulnerabilities. You can download the installers from here.
Download
For most users, this will be the best download source: Oracle Java Runtime Environment 7u7 Downloads
More information and options
Java SE Downloads
"This release contains fixes for security vulnerabilities. For more information, see Oracle Security Alert for CVE-2012-4681."
Oracle Security Alert for CVE-2012-4681
Description. This Security Alert addresses security issues CVE-2012-4681 (US-CERT Alert TA12-240A) and two other vulnerabilities affecting Java running in web browsers on desktops. These vulnerabilities are not applicable to Java running on servers or standalone Java desktop applications. They also do not affect Oracle server-based software.
These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user's system.
In addition, this Security Alert includes a security-in-depth fix in the AWT subcomponent of the Java Runtime Environment.
Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2012-4681 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.
Supported Products Affected
Security vulnerabilities addressed by this Security Alert affect the products listed in the categories below. Please click on the link in the Patch Availability column or in the Patch Availability Table to access the documentation for those patches.
Affected product releases and versions:
Java SE 7u7
This releases address security concerns. Oracle strongly recommends that all Java SE 7 users upgrade to this release. JavaFX 2.2 is now bundled with the JDK on Windows, Mac and Linux x86/x64. Learn more
Java SE 6 Update 35
This releases address security concerns. Oracle strongly recommends that all Java SE 6 users upgrade to this release. Learn more
by Sean
August 30, 2012
Oracle has released an update for Java, version 1.7.0_07. Also of note, there's a version 1.6.0_35 that also patches vulnerabilities. You can download the installers from here.
Download
For most users, this will be the best download source: Oracle Java Runtime Environment 7u7 Downloads
| Java SE Runtime Environment 7u7 | ||
| You must accept the Oracle Binary Code License Agreement for Java SE to download this software. Thank you for accepting the Oracle Binary Code License Agreement for Java SE; you may now download this software. | ||
|---|---|---|
| Product / File Description | File Size | Download |
| Linux x86 | 54.55 MB |  jre-7u7-linux-i586.rpm |
| Linux x86 | 45.79 MB |  jre-7u7-linux-i586.tar.gz |
| Linux x64 | 52.7 MB |  jre-7u7-linux-x64.rpm |
| Linux x64 | 44.52 MB |  jre-7u7-linux-x64.tar.gz |
| Mac OS X | 50.03 MB |  jre-7u7-macosx-x64.dmg |
| Solaris x86 | 45.32 MB |  jre-7u7-solaris-i586.tar.gz |
| Solaris x64 | 14.79 MB |  jre-7u7-solaris-x64.tar.gz |
| Solaris SPARC | 48.57 MB |  jre-7u7-solaris-sparc.tar.gz |
| Solaris SPARC 64-bit | 17.3 MB |  jre-7u7-solaris-sparcv9.tar.gz |
| Windows x86 Online | 0.85 MB |  jre-7u7-windows-i586-iftw.exe |
| Windows x86 Offline | 29.73 MB |  jre-7u7-windows-i586.exe |
| Windows x64 | 31.18 MB |  jre-7u7-windows-x64.exe |
More information and options
Java SE Downloads
"This release contains fixes for security vulnerabilities. For more information, see Oracle Security Alert for CVE-2012-4681."
Oracle Security Alert for CVE-2012-4681
Description. This Security Alert addresses security issues CVE-2012-4681 (US-CERT Alert TA12-240A) and two other vulnerabilities affecting Java running in web browsers on desktops. These vulnerabilities are not applicable to Java running on servers or standalone Java desktop applications. They also do not affect Oracle server-based software.
These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user's system.
In addition, this Security Alert includes a security-in-depth fix in the AWT subcomponent of the Java Runtime Environment.
Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2012-4681 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.
Supported Products Affected
Security vulnerabilities addressed by this Security Alert affect the products listed in the categories below. Please click on the link in the Patch Availability column or in the Patch Availability Table to access the documentation for those patches.
Affected product releases and versions:
| Java SE | Patch Availability |
|---|---|
| JDK and JRE 7 Update 6 and before | Java SE |
| JDK and JRE 6 Update 34 and before | Java SE |
Java SE 7u7
This releases address security concerns. Oracle strongly recommends that all Java SE 7 users upgrade to this release. JavaFX 2.2 is now bundled with the JDK on Windows, Mac and Linux x86/x64. Learn more
Java SE 6 Update 35
This releases address security concerns. Oracle strongly recommends that all Java SE 6 users upgrade to this release. Learn more
