Hasta La Gadget!

Oracle has quickly whipped up a fix for its much-maligned Java, after the US Department of Homeland Security recommended web users disable or remove the software to secure their internet use. Java 7 Update 11, released late on Sunday, changes the default security settings so that unsigned Java applets or Web Start applications prompt for permission to run first, as opposed to the potentially dangerous previous behavior where they could operate without permission.

According to Oracle’s release notes for Update 11, that’s the most significant change, and one which instantly adds an extra degree of protection to users. The DoHS’s concern had been that malicious web content could run without any checks by default, presenting a malware or phishing risk, among other things.

“The default security level for Java applets and web start applications has been increased from “Medium” to “High”. This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the “High” setting the user is always warned before any unsigned application is run to prevent silent exploitation”

Meanwhile, the update also addresses other, unspecified fixes for security vulnerabilities. Still outstanding, however, are a couple of issues; one, where the security level slider no longer indicates the correct level of the settings, in some circumstances, in addition to some JavaFX plugin issues. Oracle suggests uninstalling the standalone copy of JavaFX 2.x to address it, though will release a subsequent update to fix it properly.

The new version of Java can be downloaded here. There’s also more information on what Update 11 changes – and the reasons behind it – here.

Java fix released after “do not use” warning is written by Chris Davies & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Java isn’t good for your for your computer’s health right now. It can mess it up pretty bad. Bad enough that the Department of Homeland Security is warning us all to turn it off. OK, but how do you do that? Fortunately, it’s not that hard. More »

Apple has recently released a Mac update for OS X Lion and Mountain Lion that removes its Java plugin from all OS X browsers. If you install the update, you’ll find a region labeled “Missing plug-in” in place of a Java applet; of course, Apple can’t stop you from clicking on it to download a Java plug-in directly from Oracle. The Cupertino-based company had previously halted pre-installing Java in OS X partially due to the exploitable factors of the platform, so this update signifies further distancing from Larry Ellison’s pride and joy.

Filed under: Internet, Apple

Apple says no Java for you, removes plugin from browsers on OS X 10.7 and up originally appeared on Engadget on Thu, 18 Oct 2012 19:34:00 EDT. Please see our terms for use of feeds.

Permalink Ars Technica  |  Apple Support  | Email this | Comments

Oracle CEO Larry Ellison has laid any rumors of another acquisition to rest today. Many were thinking that NetApp might be the next buyout target for Oracle, which has already purchased 8 other companies this year, but speaking to CNBC today, Ellison said that Oracle is done acquiring other companies… at least for now. Instead, Oracle will be focusing on its own “organic growth” for a while, as the company thinks it has all of the pieces in place to facilitate such growth.

“We’re not planning any major acquisitions right now,” Ellison told CNBC’s Closing Bell at the Oracle OpenWorld conference. “We are really focused on the fact that over the last seven or eight years, we’ve re-engineered all of our applications for the cloud. We think that’s a huge opportunity for organic growth.” So, it seems that a NetApp acquisition is off the table, but that doesn’t necessarily mean that Oracle won’t bite at some point in the future.

Ellison went onto say that NetApp would be a major acqusition, saying that NetApp is a good company but reiterating Oracle’s intention to focus on growth instead of new buyouts for the time being. Once Oracle has buckled down and stockpiled some cash, however, the company could pursue more acquisitions, but from Ellison’s phrasing, it seems like any big purchases are a few years down the road.

For now, Oracle has the cloud market on lock down, with Ellison saying that his company has made it very hard for any niche cloud provider to compete. Hearing that, it’s no wonder that Oracle wants to focus on its own growth and stay away from new acquisitions for a while. We’ll be watching Oracle closely in the coming months, so keep it tuned right here to SlashGear for more information.

Oracle isn’t planning NetApp acquisition, Ellison says is written by Eric Abent & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Oracle has recently been at the receiving end of criticism when a zero-day exploit was discovered in Java, an exploit which we were told had been brought to Oracle’s notice months ago. Oracle broke its quarterly schedule to ship out a patch for the exploit once the web became abuzz with it. However, that doesn’t mark the end of Oracle’s Java woes.

A security firm has revealed a new vulnerability in Java which affects multiple versions of Java and even the latest patch from Oracle doesn’t do anything to fix it. The flaw is related to the way Java handles data types, leaving a gaping vulnerability which allows for a complete bypass of Java sandbox. (more…)

By Ubergizmo. Related articles: Jury rules that Google violated copyright laws in Oracle trial, Android contains code copied from Java?,