Looks like Oracle is going to be paying out some overtime to its developers who worked over the weekend to get Java 7 Update 11 released. This emergency update patches the latest (announced January 10th) vulnerability, CVE-2013-0422, as well as CVE-2012-3174 from June 2012. They have also changed the way Java interacts with web applications.
“The default security level for Java applets and web start applications has been increased from ‘medium’ to ‘high,’” Oracle said in the advisory.
This means the user will always be prompted before an unsigned Java applet or Web Start application can run. Previously, Java applets and applications ran automatically if users had the latest version of Java installed. With the “high” setting, the user is always warned before any unsigned application is run so that attackers won’t be able to launch silent attacks, Oracle said.
Users who need Java can get Java Release 7 Update 11 from the java.com site. Users who are still on Java Release 6 should also update to Release 7, as the patches may not apply to that release, and support for it is scheduled to end very soon too.
via PC Magazine