Oracle has released Java SE 7 Update 11, containing important security fixes. See OracleSecurity Alert CVE-2013-0422 to learn more. Oracle strongly recommends that all Java SE 7 users upgrade to this release. Read the Release Notes for additional details about this release. Download Java SE 7 update 11.
A user may control, via the Java Control Panel, the level of security that will be used when running unsigned (also called "untrusted" or "sandboxed") Java apps in a browser. The user may select from five levels of security. See the "Setting the Security Level of the Java Client" documentation for to see what the settings do and how users can tighten security. You can also read Henrik Stahl's blog Oracle JDK 7u10 Released with New Security Features.
Because this is an out-of schedule release remediating security vulnerabilities, going forward Oracle will increment the release number for all subsequent Java 7 releases by two numbers in order to continue having CPUs as odd numbers and limited updates as even numbers. For example, the next Java CPU release, scheduled for Feb 19, 2013, the JDK 7 release version will be renamed to Java SE 7u13.
--
關於此次JAVA漏洞事件,危害僅止於JAVA APPLET,而是否有安裝JAVA的電腦並無太大關聯,但基於安全考量JAVA也於13號更新安全性問題(版本),往後也還有13版更新,如安全考量可提高安全性或更新新版JAVA即可。
