Oracle has released a sizable number of patches for Java to address 50 vulnerabilities affecting both the browser and server versions. The “Critical Patch Update February 2013” (CPU) for Java had been scheduled for February 19th, but because one of the vulnerabilities is being exploited in the wild, the company brought the release forward. Oracle advises users to install the update as soon as possible because of “the threat posed by a successful attack”. This may explain the sudden move by Apple to disable Java in the browser yesterday (February 1, 2013).
The new Java version is Java 7 Update 13, and it comes a mere two weeks after Update 11, which came on the heels of warnings by government bodies that everyone disable Java in their browsers. Also included is a patch for Java 6 Update 39, likely the last patch for version 6 as it was slated to be retired in February.
Thom Infotech advises that its clients remove Java altogether unless they require it for their daily tasks. Most people wouldn’t miss it. For those who do need it, consider disabling it in your browsers. We also recommend using Firefox as it will soon grant users more control by allowing only certain web apps to use Java.