Oracle today rushed out new releases of Java because bad guys are exploiting bugs in the prior version, which was released just two weeks ago.
The original Critical Patch Update for Java SE – February 2013 was scheduled to be released on February 19th, but Oracle decided to accelerate the release of this Critical Patch Update because active exploitation “in the wild” of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers, was addressed with this Critical Patch Update.
The latest releases, Update 13 for Java 7 and Update 39 for Java 6 fix a ton of bugs. According to Eric Maurice
of Oracle, they fixed 44 vulnerabilities regarding the use of Java programs embedded in a web page. In addition, there were 6 other security fixes, plus non-security patches too.
Windows users are advised to un-install and re-install Java rather than doing an upgrade. And, avoid the 64 bit editions of Java as a rule, even on 64 bit copies of Windows.
The latest copy of Java 7 is available here
from Oracle. The latest copy of Java 6 is here
Oracle's Java 7 is available for Windows, Macs running Lion and Mountain Lion, Solaris and Linux. Their Java 6 is available for Windows, Solaris and Linux.
Updated Feb. 1, 2013 10pm ET: Java 6 on Snow Leopard comes from Apple, not from Oracle and it's distributed via the standard OS X software update utility. Sometime between 5:30pm ET and 9:30pm ET today, Apple released Update 39 for their copy of Java 6. Confusingly Apple refers to it as their "Update 12", but that Apple update brings their Java to Update 39.
Mac users with Snow Leopard, such as myself, seem totally screwed. Apple has not released an update for Java 6, so Snow Leopard users can't run Java. When Oracle released Update 38 for Java 6 on Windows, Linux and Solaris, Apple did not update their copy of Java 6.
Yesterday, Apple used the XProtect feature of OS X to block both Java 6 on Snow Leopard and Java 7 on Lion and Mountain. All instances of Java were blocked, not just the old, buggy ones as had been the previous policy. And, they didn't bother explaining themselves.
Safari, Chrome and Firefox were unable to run Java applets in web pages. There were even reports that installed applications could not run Java, but I can't verify this. Needless to say, more than a few Mac users that need Java were upset.
If you are willing to take suggestions from a total stranger, here is advice
on how to modify the XProtect file to re-enable Java 6 on Snow Leopard.
NOTE: This is no longer needed.