Security Alert: Java Security Alert

Date: Oct 16, 2013

StatusOpen

Description:

SUMMARY

A critical vulnerability has been discovered in the Java Runtime Environment that affects Windows, Mac, and Linux. Exploits have been released in the wild that target the Java plugin in all browsers on these platforms. Users may fall victim to having malicious software installed without their consent.

WHO IS AT RISK

Computers that have Java 7 update 40 (1.7.40) or earlier installed.

Computers that have any version of Java 6 or earlier installed (exception: Apple-provided system Java SE 6 to version 1.6.0_65 for Mac OS X v10.6)

WHO IS NOT AT RISK

Computers that do not have Java installed or that have the Java browser plugin and Java Web Start disabled.

Computers with updated Java installed.

WHAT VERSION AM I RUNNING?

Use these web pages to determine if Java is enabled in your web browser. Scroll down to see the exact version of Java that is running.

http://www.h-online.com/security/services/Java-747799.html

http://www.java.com/verify

This can also be determined from your command shell with the following command:

java -version

WHAT TO DO

Once an update is available, update your computer to the latest version of Java. An update is not expected until February. Windows users can use the Java control panel applet or download the patch directly from Oracle. Earlier versions of the Mac OS will include the update from Apple. Later versions of Mac OS are only affected if Java 7 was manually installed on the system with a package directly from Oracle. If this is the case, you must also manually upgrade. Linux users should use the package manager from their distribution, unless Java was directly installed from java.com ( RPMs and tarballs are also available directly from Oracle ).

http://www.java.com

Disable the Java Plug-in

Disabling the Java web browser plug-in will prevent Java applets from from running. Here are instructions for several common web browsers:

  • No labels