Java on your 'puter - Security Risk!!

AlanAlan
edited August 2012 in Other hi-fi gear
Apparently Java (which runs on almost all computers) has a serious security issue which we should all act on now. Advice ranges from un-installing Java altogether to disabling/unplugging it from your internet browser. How-to for Firefox and others here.

As a few on Chews favour a computer front end, this seemed relevant.

It affects all browsers and operating systems including MAC.

"People running the older Snow Leopard (2009) and Leopard (2007) are
apparently not at risk, since Java 7 requires the more recent Lion and
Mountain Lion. The unpatched vulnerabilities are present only in Java 7.

While more than half of all Macs were running Lion or Mountain Lion
as of July 31, statistics on OS X Java 7 installations were unavailable." - computerworld.com.


This may also mean that all older versions of Java, and older OS like Win XP are OK - but check to be sure. Stay safe!

Comments

  • uglymusicuglymusic
    edited August 2012
    Thanks for that, Alan.

    Looking for how to disable Java, I found an app called Java Preferences on my iMac. When it ran, it seems I hadn't installed Java after the formatting over the weekend.

    I'll be looking on the Air and the White MacBook later.

    Edit: However, there are settings in Firefox and Safari on the iMac that suggest Java will run. Maybe it still needs to be installed explicitly for these settings/plug-ins to function.

    Anyway, that's me done on one machine until Oracle get their act together.
  • JimJim
    Funnily enough I have the perfect solution...
  • AlanAlan
    Well, for those of us not using linux ( :P ), there is a Java patch that is designed to resolve the problem, though some have doubts as to it's full effectiveness.

    I'm glad I have Java 6 on my W7 lappy, which athough slightly old, was apparently immune to the problems.
  • uglymusicuglymusic
    Isn't it possible to run Java on Linux?
  • JimJim
    Isn't it possible to run Java on Linux?
    Yup and it works properly


    =))
  • uglymusicuglymusic
    You mean that Oracle didn't put any security holes in Java 7 on Linux?
  • DocfosterDocfoster
    What is the security issue - what's at risk? Is it a virus/malware thang?
  • JimJim
    You mean that Oracle didn't put any security holes in Java 7 on Linux?
    Dunno? Could just be that Linux is inherently more secure.
  • AlanAlan
    Ben - I deliberately didn't describe the issue as I don't understand it - but I think I grasp the fact that websites hosting malware (the kind of bad software that gets into your system in order to harvest your information) had a way of getting onto your computer through the latest Java installations; Java is in most web browsers and on a great many websites in order to make the sites actually work.

    It was something called a 'zero day exploit', and the worry was that these vulnerabilities had been included on the hackers and scammers programme of choice, called 'blackhole exploit toolkit'.

    There - I hope that's as clear to you as it is to me...
  • DocfosterDocfoster
    It was something called a 'zero day exploit', and the worry was that these vulnerabilities had been included on the hackers and scammers programme of choice, called 'blackhole exploit toolkit'.

    There - I hope that's as clear to you as it is to me...
    Ah. So it's a critical mass / gravity / worm hole type thing... :-/
    Dangerous indeed...
    ;-)
  • DocfosterDocfoster
    Seriously, thanks for the news. Is there any word on when the boffins will sort this out?
  • AlanAlan
    Well, it is apparently sorted by the latest update/patch, released a couple of days ago - but al the article I linked to stated, some have their doubts.

    I am waiting a few more days to see what the nerd-scuttlebutt says.

  • PACPAC
    Thanks for the heads-up Alan.  I had that patch installed yesterday, but on reflection just un-installed Java as a security risk not worth taking.
Sign In or Register to comment.