New vulnerabilities are discovered all the time, and cybercriminals exploit them in an attempt to infect your computer with malware – which, if they are successful, could mean that they steal your data, your identity, and/or your hard-earned money.
Today, it’s time for Oracle to issue a bumper pack of fixes for its beleaguered Java SE platform. According to the company, it incorporates a whopping 40 new security fixes for the product.
All but three of these 40 security holes are particularly nasty “remote code execution” flaws, which could mean that your computer becomes infected by malware simply by browsing to a boobytrapped website *without* you realising that any malicious code is being installed.
Cybercriminals adore Java because it is multi-platform – capable of running on computers regardless of whether they are running Windows, Mac OS X or Linux. Because of this, it’s not unusual for us to see attackers use Java as part of their attack before serving up an OS-specific payload.
So, here are your options:
1) If you still *really* need Java, apply the security patches as soon as you can.
2) Deinstall Java entirely. Chances are that if you don’t think that you need Java, you don’t need it.
3) The half-way house. Turn off Java in your web browser, thus preventing the most common vector for Java-based malware attacks. There is an article on the Naked Security website explaining how to do this for the most popular browsers. Of course, if you go this route you should still apply any Java security updates.
Depending on where you work, options 2 and 3 may be difficult for you to follow. A worrying number of businesses still rely on archaic code which requires Java to properly work. If that’s the case for you, it may be best to have a different browser for surfing the web than the one you need to run that creaky old Java-based app that your IT team wrote in 2003.
Java is getting a bad name for security, so it’s no surprise that more and more people are keen to permanently remove it from their computers rather than risk being hit by a malware attack.
You’re crazy to use Java. Crazier not to patch it.
Read more about the patches on Oracle’s website.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.