runtime. Security researchers had reported a vulnerability in Java 7 that was being used by
hackers on Windows-based systems.
The flaw allowed attackers to create a drive-by hack. This means that system security could be easily compromised by directing the users to a rogue Web page, which hosts a malicious Java applet. The attacks were observed only on Windows-based platforms. However demonstrations prove that the exploit was successful on other platforms too, which are supported by Java 7.
After the security threat was reported, there was demand for an immediate fix. Considering that Oracle's scheduled update is due in October 2012, there were concerns if the company would issue an official patch at this time. However Oracle reacted quickly to the critical vulnerability by releasing a patched version of the Java 7 runtime.
The new update can be downloaded from the Java SE Downloads Web page. Oracle
recommends that all the users of Java 7 should apply this update.
The vulnerability only lies with the new features of Java 7 runtime. Hence users with older Java runtime installed on their systems need not install the new patch. However Oracle has also updated Java SE 6 to address other bugs. It is thereby recommended that users install the latest updates for this runtime too.