Java 7u17 Released - Security Alert CVE-2013-1493

Oracle have released an updated version of Java (1.7.0_17 and 1.6.0_43) in response to Security Alert CVE-2013-1493 which affects the Java plugin running in browsers. This vulnerability does not affect other Java applications outside of browsers.

In the security alert, Oracle states:

“These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user’s system.”

Due to the nature of this security alert, all users running Java are recommended to update to this version of Java either by downloading from Oracle, or via Java Update.

Mac users running Snow Leopard or later will receive an updated Java 6 (1.6.0_43) from Apple through the software update mechanism.