Oracle has updated Java 7 Update 15 to Java 7 Update 17. The update comes shortly after a vulnerability was found by FireEye, a Polish security firm. Java 7 Update 17 fixes two important vulnerabilities, one of which was exploited in the wild. Java updates now always come in odd numbers. This is very similar to Linux kernel releases, where the stable kernels always come in even numbers.
According to Oracle, the vulnerability exploited by FireEye was already reported to them in early February, but they didn’t have time to fix it in the last update, which was scheduled to be released on the 19th of February. Java 7 Update 17 comes with fixes for that vulnerability and another one which had not yet been exploited.
Here’s what Oracle says:
The company intended to include a fix for CVE-2013-1493 in the April 16, 2013 Critical Patch Update for Java SE (note that Oracle recently announced its intent to have an additional Java SE security release on this date in addition to those previously scheduled in June and October of 2013). However, in light of the reports of active exploitation of CVE-2013-1493, and in order to help maintain the security posture of all Java SE users, Oracle decided to release a fix for this vulnerability and another closely related bug as soon as possible through this Security Alert.
Although Oracle has fixed so many vulnerabilities in the recent past, the US government still warns users against using the Java plugin in their browsers. The recommended action is to update your Java plugin while keeping it disabled for the time being if you don’t need it.
Java 7 Update 17 offline installer links
For Mac OS X
For Solaris and other Operating Systems, you can find the installers here.