Blog:2 weeks early Oracle pushes Java 7 Update 13 (where is Update No 12 ?)

[menotu]

Emil Protalinski - 1 February 2013

Just a day after news broke that Apple had blocked Java for the second time this month, Oracle on Friday announced the release of Java 7 Update 13 to address 50 vulnerabilities. The patch comes more than two weeks early (the February 2013 Critical Patch was originally scheduled for February 19), but it was rushed out because Oracle was notified of “active exploitation in the wild of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers.”

Oracle says after it received reports of a vulnerability in JRE, it quickly confirmed it and then proceeded with “accelerating normal release testing” for the regular Java update, which it says already contained a fix for the issue. “Oracle felt that, releasing this Critical Patch Update two weeks ahead of our intended schedule, instead of releasing a one-off fix through a Security Alert, would be more effective in helping preserve the security posture of Java customers,” the company said.

Blog

Oracle

[menotu]

By Eric P. Maurice on Feb 08, 2013

Updates to February 2013 Critical Patch Update for Java SE

On February 1st 2013, Oracle released the February 2013 Critical Patch Update for Java SE.  In the blog entry discussing this Critical Patch Update release, I stated that this Critical Patch Update was originally scheduled to be released on February 19th, and that Oracle decided to accelerate the release of this Critical Patch Update because of the exploitation “in the wild” of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers.

As a result of the accelerated release of the Critical Patch Update, Oracle did not include a small number of fixes initially intended for inclusion in the February 2013 Critical Patch Update for Java SE.  Oracle is therefore planning to release an updated version of the February 2013 Critical Patch Update on the initially scheduled date.

This updated February 2013 Critical Patch Update will be published on February 19th and will include the fixes that couldn’t be released on February 1st.  A new Critical Patch Update Advisory will also be published on February 19th on http://www.oracle.com/technetwork/topics/security/alerts-086861.html to include information about the additional fixes being released.

Note that Critical Patch Updates for Java SE are cumulative.  As a result, organizations that may not have applied the February 1st release will be able to apply the updated Critical Patch Update when it is published, and will then gain the benefit of all previously released Java SE fixes.  As usual, desktop users will be able to install this new version from java.com or through the Java autoupdate.

https://blogs.oracle.com/security/entry/updates_to_february_2013_critical