You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Security Alert: Java Security Alert

Date: Aug 30, 2012

StatusOpen

Description:

SUMMARY

A critical vulnerability has been discovered in the Java Runtime Environment that affects Windows, Mac, and Linux. Exploits have been released in the wild that target the Java plugin in all browsers on these platforms. Users may fall victim to having malicious software installed without their consent.

WHO IS AT RISK

Computers that have Java 7 update 10 (1.7.10) or earlier installed.

WHO IS NOT AT RISK

Computers that do not have Java installed, have the Java browser plugin disabled, or those that have Java 6 (1.6.x) installed.

WHAT VERSION AM I RUNNING?

Use this web page to determine if Java is enabled in your web browser. Scroll down to see the exact version of Java that is running.

http://www.h-online.com/security/services/Java-747799.html

This can also be determined from your command shell with the following command:

java -version

WHAT TO DO

Once an update is available, update your computer to the latest version of Java. An update is not expected until February. Windows users can use the Java control panel applet or download the patch directly from Oracle. Mac users are only affected if Java 7 was manually installed on the system with a package directly from Oracle. If this is the case, you must also manually upgrade. Linux users should use the package manager from their distribution. RPMs and tarballs are also available directly from Oracle.

http://www.oracle.com/technetwork/java/javase/downloads/jre7u7-downloads-1836441.html

Disable the Java Plug-in

Disabling the Java web browser plug-in will prevent Java applets from from running. Here are instructions for several common web browsers:

  • Apple Safari: How to disable the Java web plug-in in Safari
  • Mozilla Firefox: How to turn off Java applets
  • Google Chrome: See the "Disable specific plug-ins" section of the Chrome Plug-ins documentation.
  • Microsoft Internet Explorer: Change the value of the UseJava2IExplorer registry key to 0. Depending on the versions of Windows and the Java plug-in, the key can be found in these locations:** HKLM\Software\JavaSoft\Java Plug-in{version}\UseJava2IExplorer
    • HKLM\Software\Wow6432Node\JavaSoft\Java Plug-in{version}\UseJava2IExplorer
    • The Java Control Panel (javacpl.exe) does not reliably configure the Java plug-in for Internet Explorer. Instead of editing the registry, it is possible to run javacpl.exe as Administrator, navigate to the Advanced tab, Default Java for browsers, and use the space bar to de-select the Microsoft Internet Explorer option.
  • No labels