Last week a vulnerability in Oracle’s Java 7 Update 10 and earlier was detected. Apple subsequently addressed the issue through the anti-malware system built into OS X, disabling Java 7 plug-ins on Macs where it is already installed.
Oracle has now released Java 7 Update 11 to address the vulnerability. Users of Java can access the free update here.
What is Java and its risks?
This Java issue brings up possible questions in people’s minds. What is Java and why do I need it? Java is a programming language and computing platform first released by Sun Microsystems in 1995. It is the underlying technology that powers programs including utilities, games, and business applications. To learn more about Java and to answer some of these questions, see the Oracle website or the PDF of this month’s issue of OUCH! from SANS.org, dedicated entirely to Java.
Java has become a popular target for cyber criminals and they will use weaknesses in Java to attack computers that have it installed.
What do I do now?
You may have a plug-in for Java running in your browser. This was my experience with Java:
Within my Firefox browser I had a plug-in installed for Java Applet 14.5.0. I clicked the option “Check to see if your plug-ins are up to date” and was told by Mozilla that my Java Applet Plug-in is outdated. Clicking “Update” linked me to Oracle where the latest update is available. Instructions followed for how to update Java on my Mac. After I ran the installation, the plug-in in Firefox changed from Applet 14.5.0 to Java 7 Update 11.
Note that experiences will vary depending on the browser you have installed (Safari, Firefox, and Chrome address plug-ins differently from one another) and its version.
If you are unsure about whether you need to update Java, you can use this link. If no message appears about the status of Java on your system, you can do what I did and see if you have a plug-in for Java in your browser (these will reside in what might be called “add-ons”). Then follow the steps above to update it. If you don’t have Java installed on your system, you can access it from Oracle here.
If you can do without Java, don’t install it or go ahead and disable Java. If you can’t do without it, the best thing to do is to make sure it is current. Windows users can do this by checking the Java icon in the Control Panel and confirming it is the latest version and is set for automatic updating. Mac users will need to update their version of Java themselves by going to the Oracle website.