Java 7: The 0-day flaw is now fixed

Oracle is releasing a new update (update 11) of Java 7 this evening, following the detection of a security flaw affecting updates 9 and 10. The flaw is already being exploited by hackers through specially crafted pages.

As a reminder, CERTA published a report in the middle of the week describing how the flaw works, and ANSSI recommended disabling the software in order to stay safe.

Here are the release notes:

Reminder
If you have disabled Java in the Java Control Panel, you will need to manually re-enable it after installing this release. You can find the check box in the Security tab of the Java Control Panel. If you have previously disabled Java Plugin in the browser, you will need to manually re-enable it after installing this release. In Firefox, you can do this in the Add Ons -> Plugin screen. In Internet Explorer, this functionality is located in Tools -> Manage Add-ons.

Bug Fixes

In addition, the following change has been made:

Default Security Level Setting Changed to High

  • The default security level for Java applets and web start applications has been increased from "Medium" to "High". This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed, applets and web start applications would continue to run as always. With the "High" setting the user is always warned before any unsigned application is run to prevent silent exploitation.
Download Java Runtime Environment 7 Update 11 (32-bit browsers)
Download Java Runtime Environment 7 Update 11 (64-bit browsers)