We’ve seen warnings about viruses from Symantec, McAfee, Microsoft, never Apple, and even those bogus forwards from your parents on Facebook. But in all my years, I have never seen one come from the United States Department of Homeland Security. I’m thinking we should pay attention to this one!
CERT recently discovered a vulnerability regarding Oracle Java 7 where the program does not restrict access to privileged code. While this doesn’t mean much to most people, the truth is that a single line of malicious code can force your computer to execute any program (even remote ones) or give up any of your information to any remote user at any time, with no input by the end users. All previous versions of Java were able to protect the installed computer from this sort of attack, however the newest version is unable to block it. Most alarmingly is the fact that researchers don’t know how to fix it.
Many different government agencies will offer warnings about different software threats, but this is the first time one has just come right out and said to COMPLETELY DISABLE OR UNINSTALL said software!
So how do you know if you have Java 7? Well if you have Windows, go into your Control Panel and look for the Java applet (Mac OS will also have an applet in the Settings menu). On the first tab will be a button labeled “About”. This button will open a screen telling you which version you have.
If you have any version other than 7, you should be fine. If you have version 7, be sure to uninstall it as soon as possible. Since we use Java for so much, however, you’re going to need a way to get it back on your system. Follow this link and find the latest version that is NOT 7 (which I believe is version 6 Build 38) for your computer. You can also follow these instructions to disable Java from within the browser if you prefer.