Oracle updates Java two weeks early to address more security vulnerabilities

Java logo

Two weeks ahead of schedule, Oracle has released another update addressing a number of active Java exploits. Just last month, Oracle updated its Java add-on in response to an alert from the US Department of Homeland Security, which recommended disabling Java entirely until the rampant problems were addressed. The previous update also changed Java's default security setting to "High," meaning users must approve Java applets before they run, and made it easier for users to disable Java altogether.

Despite being released two weeks earlier than planned, Oracle's February 2013 Critical Patch Update for Java comes after major hacks on numerous news organizations and even Twitter itself. The blame for these hacks wasn't squarely placed on Java, but Twitter went so far as to restate the Department of Homeland Security's recommendation to disable the plugin. Most browsers have already disabled Java by default — just last week, Firefox announced that it would be implementing a click-to-play feature for browser plugins like Java, and Apple blacklisted the vulnerable plugin to protect users. The February patch is available now, and can be downloaded from Oracle's Java site.

The Verge
Log In Sign Up

Log In Sign Up

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.



Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.