“Oracle has issued an emergency fix for its cross-platform Java software. Java 7 update 11 for Windows, Mac and Linux, and Java 7 Update 11 64-bit for 64-bit versions of Windows and Linux, aims to plug a number of alarming security holes that were being used for phishing attacks and other crimeware,” Nick Peers reports for BetaNews.

“While update 11 should be considered an essential update for all Java users, researchers have warned that the new build is little more than a sticking plaster for the problem, and recommend users actually disable Java from running inside web browsers,” Peers reports. “The update basically sets Java’s default security settings to “High”, which means all code from unknown sources will be flagged before running on the user’s say-so… Researchers warn that despite this new setting, the security can be bypassed by hackers able to mask their code through ‘social engineering.’”

Peers reports, “As a result, the Department of Homeland Security’s Computer Emergency Readiness Team has recommended users should actually disable Java from running in web browsers — even after applying the latest update. The warning is echoed by other experts, including Rapid 7 and Polish company Security Explorations. At the present time, Mac OS X disables Java browser plug-ins by default.”

Read more in the full article here.

MacDailyNews Take: Safari browser users should make sure Java is disabled:

Safari>Preferences>Security and uncheck “Enable Java.”

Related articles:
Oracle releases Java Version 7 Update 11 – January 14, 2013
Oracle Corp to fix Java security flaw ‘shortly’ – January 12, 2013
Apple blocks OS X Java 7 plug-in as U.S. Department of Homeland Security warns of zero day threat – January 11, 2013
Apple makes OS X even more secure for Mac users by removing Java – October 19, 2012
Apple uninstalls Java applet plug-in from all web browsers – October 17, 2012
New zero-day Java exploit puts 1 billion PCs and Macs running OS X 10.6 or earlier at risk – September 26, 2012
Warning: New Java trojan targets Apple’s OS X along with Windows, Linux – July 11, 2012
Apple releases Java Update to remove Flashback trojan – April 12, 2012
OS X trojan variant preys on Mac users with unpatched Java – February 27, 2012
Jobs: Having Oracle, not Apple, release timely Java updates better for Mac users – October 22, 2010
Apple deprecates its release of Java for Mac OS X – October 21, 2010