If you’re crazy enough to still be using Java, make sure to install the 40 new security vulnerability fixes today

JavaIf you want to maintain the security of your computer, one of the most important things you can do is make sure that your applications and operating systems are updated with the very latest security patches.

New vulnerabilities are discovered all the time, and cybercriminals exploit them in an attempt to infect your computer with malware – which, if they are successful, could mean that they steal your data, your identity, and/or your hard-earned money.

Today, it’s time for Oracle to issue a bumper pack of fixes for its beleagured Java SE platform. According to the company, it incorporates a whopping 40 new security fixes for the product.

All but three of these 40 security holes are particularly nasty “remote code execution” flaws, that could mean that your computer could become infected by malware simply by browsing to a boobytrapped website *without* you realising that any malicious code is being installed.

Cybercriminals adore Java because it is multi-platform – capable of running on computers regardless of whether they are running Windows, Mac OS X or Linux. Because of this, it’s not unusual for us to see attackers use Java as part of their attack before serving up an OS-specific payload.

So, here are your options:

1) If you still *really* need Java, apply the security patches as soon as you can.

2) Deinstall Java entirely. Chances are that if you don’t think that you need Java, you don’t need it.

3) The half-way house. Turn off Java in your wev browser, thus prevent the most common vector for Java-based malware attacks. There is an article on the Naked Security website explaining how to do this for the most popular browsers. Of course, if you go this route you should still apply any Java security updates.

Depending on where you work, options 2 and 3 may be difficult for you to follow. A worrying number of businesses still rely on archaic code which requires Java to properly work. If that’s the case for you, it may be best to have a different browser for surfing the web than the one you need to run that creaky old Java-based app that your IT team wrote in 2003.

Java is getting a bad name for security, so it’s no surprise that more and more people are keen to permanently remove it off their computers rather than risk being hit by a malware attack.

You’re crazy to use Java. Crazier not to patch it.

Read more about the patches on Oracle’s website.

Tags: , , ,


, , ,

2 Responses

  1. Tim June 18, 2013 at 8:49 pm #

    Can't immediately determine whether they have released a patch for 6.x. Latest (prior to today) was v6u45…and that still seems to be the offered version here.

    http://www.oracle.com/technetwork/java/javase/downloads/jre6downloads-1902815.html

    v7.x introduced some known bugs (random login prompts when behind an authenticating proxy leading to account lockouts) which is a show-stopper for many corporate users and means having to stay on v6.x.

    If this really is the end of v6.x updates, that's a big problem…

  2. Marc Ruef (@mruef) June 19, 2013 at 8:25 am #

    I like the title of this post :D

Leave a Reply

XSLT by CarLake