Oracle has published a new edition of the Java Development Kit which includes several security advances. The major alteration in JDK 7u10 is the ability to forbid any Java application from running in the browser, which is targeted a lot by malware.
The new release of Java also includes some additional security enhancements, most notably a feature that enables developers to set a specific level of security for any unsigned Java applets, added because of the large number of attacks targeting Java. Oracle’s decision to allow users to disable Java applications from running in web browsers could be a crucial step in preventing some of the widespread Java attacks.
“The ability to select the desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications that run in a browser. Four levels of security are supported. This feature can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument,”
One additional security feature in the new Java release is a dialogue that will warn you when the Java Runtime Environment is out of date or below the security baseline, which will help when new crucial security patches are released for Java zero-days.
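For administrators who want to verify these two settings on a machine, the following is an added example, not code from Oracle or from this article. It assumes the settings are stored in the Java deployment.properties file under the keys `deployment.webjava.enabled` and `deployment.security.level` (names taken from Oracle's deployment documentation, not from this page); the minimum level of HIGH is a hypothetical policy.

```python
# Added example (not Oracle's code): audit deployment.properties text.
# Key names and level values are assumed from Oracle's deployment docs.
RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "VERY_HIGH": 3}

# Constructed sample input, not taken from a real machine.
SAMPLE = """\
# constructed deployment.properties
deployment.webjava.enabled=true
deployment.security.level : LOW
"""

def parse_properties(text):
    """Parse the plain 'key=value' / 'key:value' subset of .properties."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":   # blank line or comment
            continue
        cut = min((i for i in (line.find("="), line.find(":")) if i >= 0),
                  default=len(line))
        props[line[:cut].strip()] = line[cut + 1:].strip()
    return props

def audit(text, minimum="HIGH"):
    """Return findings; an empty list means the file meets the policy.

    'minimum' is a hypothetical policy threshold chosen for this example.
    """
    props = parse_properties(text)
    web = props.get("deployment.webjava.enabled")
    if web is not None and web.lower() == "false":
        return []                         # browser Java is switched off
    findings = []
    if web is None:
        findings.append("browser Java not explicitly disabled")
    else:
        findings.append("browser Java enabled")
    level = props.get("deployment.security.level")
    if level is None:
        findings.append("security level not set, installer default applies")
    elif level.upper() not in RANK:
        findings.append("unknown security level: " + level)
    elif RANK[level.upper()] < RANK[minimum]:
        findings.append("security level %s is below %s" % (level.upper(), minimum))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```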