Java 7 and Java 6 Security Updates

SUMMARY: Java 7 and Java 6 Security Updates
POSTED ON: 02/21/2013
REPORTER: Jocelyn E Kasamoto (jocelyn)
START TIME: Feb 21 01:25 PM
DESCRIPTION: Oracle released security updates Java 7 u15 and Java 6 u41 to fix multiple vulnerabilities that could allow an attacker to execute arbitrary code on a vulnerable system. Please run Java updates to get the latest build for your version of Java.

Note: if Java is not required for your web apps, we recommend that you don't install Java or disable it, if it is already installed. If Java is required, dedicate one Java-enabled browser for that web app. Use a different browser (with Java disabled) for all other web browsing. This applies to Java, not javascript.

For Windows users:

To update Java 7:

- Go to the Control Panel ("Classic" view in Windows XP and
Vista, or "Icons" view in Windows 7; then go to "Programs" in Windows 8)
- Click on the Java icon
- Go to the "Update" tab from within the Java Control Panel
window, and click on "Update Now"

To update Java 6:

- Go to
- Download the appropriate file for your Windows OS and follow instructions on the website

For mac users:

To update Java 7 (OS 10.7, 10.8):
- Go to

To update Java 6 (OS 10.6.8):
- Go to Apple menu > Software update

or download from

For more information

Oracle Java Multiple Vulnerabilities (US-CERT Alert TA13-051A)

Oracle Java SE Critical Patch Update Advisory - February 2013 (updated)

CERT Vulnerability Note VU#636312 - Oracle Java JRE 1.7 Expression.execute() and SunToolkit.getField () fail to restrict access to privileged code

See also "Java 7 Security Vulnerability (Updated 2/6/2013)" under Very Important News at

If you have questions or need assistance, please contact the ITS Help Desk at 956-8883 or email