We reported Friday that Apple had taken the unusual step of disabling existing OS X installations of the Java 7 browser plug-in due to a major security hole being exploited in the wild. Word now comes of a Java update from Oracle.
Oracle has now released Java 7 Update 11, and the release notes indicate that it does indeed address the vulnerability. The new release registers with a version string of 1.7.0_11-b21, satisfying Apple’s requirement for a minimum version number of 1.7.0_10-b19.
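A minimum-version gate like the one described above only works if the version fields are compared as numbers rather than as text. The sketch below is an added example, not Apple's or Oracle's code; the function names, the fail-closed handling of malformed strings, and the treatment of a missing update or build number as 0 are assumptions.

```python
import re

# Legacy Java version format, e.g. "1.7.0_11-b21":
# major.minor.micro, optional _UPDATE, optional -bBUILD.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?(?:-b(\d+))?")

# Minimum version quoted in the article.
MINIMUM = "1.7.0_10-b19"


def parse_java_version(text):
    """Return (major, minor, micro, update, build) as ints, or None if malformed."""
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        return None
    # Assumption: a missing update or build counts as 0,
    # so "1.7.0" sorts below "1.7.0_01".
    return tuple(int(part) if part is not None else 0 for part in match.groups())


def meets_minimum(installed, minimum=MINIMUM):
    """True only if `installed` parses and is numerically >= `minimum`."""
    required = parse_java_version(minimum)
    if required is None:
        raise ValueError("malformed minimum version: %r" % minimum)
    found = parse_java_version(installed)
    # Fail closed: an unparseable version string is never accepted.
    return found is not None and found >= required


if __name__ == "__main__":
    # Constructed samples, apart from the two versions named in the article.
    samples = ["1.7.0_11-b21", "1.7.0_10-b19", "1.7.0_10-b18",
               "1.7.0_9", "1.6.0_37-b06", "garbage"]
    for sample in samples:
        verdict = "allowed" if meets_minimum(sample) else "blocked"
        print(sample, "->", verdict)
    # Plain string comparison gets "1.7.0_9" wrong: "9" sorts after "1".
    print("string compare says 1.7.0_9 >= minimum:", "1.7.0_9" >= MINIMUM)
```

Comparing the raw strings would let `1.7.0_9` pass, because the character `9` sorts after `1`; the tuple comparison rejects it.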
Along with the fix, the update also changes the default security level setting from “Medium” to “High”.
From the update release notes:
Previously, as long as you had the latest secure Java release installed, applets and web start applications would continue to run as always. With the “High” setting the user is always warned before any unsigned application is run to prevent silent exploitation.