/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsHi, it's Will and Art here. We've been telling people to disable Java for years. In fact, the first version of the Securing Your Web Browser document from 2006 provided clear recommendations for disabling Java in web browsers. However, after investigating the Java 7 vulnerability from August, I realized that completely disabling Java in web browsers is not as simple as it should be.
Luckily, Oracle has since added a new option in the Java control panel applet to disable Java in the browser. If you haven't already done so, now is the time to disable Java in the browser.
Surprise, another serious Java vulnerability (VU#625617, CVE-2013-0422), similar in some ways to the last serious Java vulnerability (VU#636312, CVE-2012-4681), has been discovered. Self-quoting from last time:
We strongly recommend disabling Java support in web browsers-and also applying any and all Java security updates.
Is installing the <7u7> update necessary? Yes. Is it sufficient? No.