An update of Java 7 has been unveiled by the editor. For more security, it allows to avoid the execution of an application through the browser, and introduces safety levels.
The latest update of Java 7 (Update 10) proposed by Oracle aims to strengthen the overall security of the object-oriented language. In particular, it allows to avoid running an application within the browser, and to ensure that it is supported by the JRE (Java Runtime Environment). This lever can be activated by going to the “Security” tab of the Java control console, by unchecking the “enable Java content in the browser” box.
To protect against web attacks and malware exploiting Java vulnerabilities, it was recommended until now to uninstall the Java plugin from browsers. An operation that could be quite tedious to implement. With this update, the Java SE infrastructure now has an additional barrier that can help users and administrators to protect their workstations.
In addition to this feature, security levels can be set that will prevent Java code from being executed if it is not certified or considered secure enough. If the highest level is enabled, user permission will even be required to operate any application. This covers applets as well as Java applications in web or JavaFX mode.
Finally, Java 7 Update 10 introduces a new dialog box to alert users if their JRE version needs to be updated.