You may have heard via various news outlets about a security vulnerability in Oracle Java SE 7 that can potentially impact your systems. This is a serious vulnerability that does require your consideration. The security hole applies to Java applets and can affect all browsers (Internet Explorer, Mozilla, Chrome…). It does not apply to standalone Java applications or server-side Java installs.
If you inadvertently click on a compromised Java applet, your system could become infected. This risk became more apparent when the exploit was included in exploit packs, “crimeware” that hackers rent to use in attacks. However, you must click on the link to become infected: for the attack to succeed, the attacker must trick an unsuspecting user into clicking through to a malicious site.
The Security Patch
Oracle has issued a security patch to address the issue. The update will also change the default Java Security Level setting from Medium to High. This will ensure that you are always prompted to confirm an action before running any unsigned Java applet. Although the patch will certainly help rectify the security risk, it remains undetermined whether it completely resolves the vulnerability.