Security Alert: Java Security Alert
Date: Oct 16, 2013
Status: Open
Description:
SUMMARY
A critical vulnerability has been discovered in the Java Runtime Environment that affects Windows, Mac, and Linux. Exploits have been released in the wild that target the Java plugin in all browsers on these platforms. Users may fall victim to having malicious software installed without their consent.
WHO IS AT RISK
Computers that have Java 7 update 40 (1.7.40) or earlier installed.
Computers that have any version of Java 6 or earlier installed (exception: Apple-provided system Java SE 6 to version 1.6.0_65 for Mac OS X v10.6)
WHO IS NOT AT RISK
Computers that do not have Java installed or that have the Java browser plugin and Java Web Start disabled.
Computers with updated Java installed.
WHAT VERSION AM I RUNNING?
Use these web pages to determine if Java is enabled in your web browser. Scroll down to see the exact version of Java that is running.
http://www.h-online.com/security/services/Java-747799.html
This can also be determined from your command shell with the following command:
java -version
WHAT TO DO
Once an update is available, update your computer to the latest version of Java. An update is not expected until February. Windows users can use the Java control panel applet or download the patch directly from Oracle. Earlier versions of the Mac OS will include the update from Apple. Later versions of Mac OS are only affected if Java 7 was manually installed on the system with a package directly from Oracle. If this is the case, you must also manually upgrade. Linux users should use the package manager from their distribution, unless Java was directly installed from java.com ( RPMs and tarballs are also available directly from Oracle ).
Disable the Java Plug-in
Disabling the Java web browser plug-in will prevent Java applets from from running. Here are instructions for several common web browsers:
- Apple Safari: How to disable the Java web plug-in in Safari
- Mozilla Firefox: How to turn off Java applets
- Google Chrome: See the "Disable specific plug-ins" section of the Chrome Plug-ins documentation.
- Microsoft Internet Explorer: How to disable the Java web plug-in in Internet Explorer