What is Java? Java is both a language and a platform to run websites and programs used by many computer users, both on the PC and Mac operating systems. It’s also used by many other kinds of technology, from smartphones to parking meters to game systems. This vulnerability leaves millions of computers open to malware attacks and can lure online traffic to virus-infected websites.
Where is Java found on my computer? The manufacturer probably installed it. If you have automatic updates for Java on Windows turned on (it’s called Java Auto Update), it’s updating itself. To configure Auto Update, you will need to open your Java program. For most Windows users it is found within the Control Panel. Java should update itself automatically for Mac users as well, but in case you aren’t sure, you can find information on updating Java for Mac here.
What's the problem? Java 7 has a vulnerability, unless you install the latest patch. This Internet security "hole" can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Should you visit an infected or compromised web site, there are toolkits allowing someone to gain control of your computer by leveraging the hole in Java. Last week, the US Department of Homeland Security issued a warning to Americans, recommending we temporarily disable Java on our computers to minimize hacking opportunities.
How do I fix it? Visit the Oracle Java site to learn if you have the latest version. Click the “Do I have Java?” link to determine which version you have.
- Update your Java to get the patch available to fix the issue. At this writing, the latest version with a patch to address this vulnerability is 7.11. (Read our update.)
- Disable Java in web browsers, unless "it is absolutely necessary," DHS still recommends. Oracle has a page with detailed instructions.
- Take this opportunity to review your security software. Make sure your subscription is still valid and the product is up to date.
- Review your operating system (like Microsoft IE) and other key programs (like Adobe Reader as we suggested here) to be sure you are using the most current versions and have applied all appropriate patches.
To learn more, please view:
Oracle Security Assurance blog: https://blogs.oracle.com/security/entry/security_alert_for_cve_2013
The New York Times:
What precautions do you recommend? Please post a comment below!