This past year has not been a good one for Oracles Java platform. There have been numerous reports of security holes in Java that allows malicious users to infiltrate your computer, steal information, and install malware. Java has been disabled and re-enabled on Apple computers, and users are repeatedly told to install the latest updates to keep their computer safe.
Last week two tech heavyweights Apple and Facebook reluctantly admitted that computers on their networks were hacked as a result of a Java exploit.
A statement from Apple to Reuters:
“Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers”
From Arstechnica on Facebook:
“Facebook officials said they recently discovered that computers belonging to several of its engineers had been hacked using a zero-day Java attack that installed a collection of previously unseen malware.”
In response or as a result of these high profile breaches, on Tuesday February 19, Oracle has released
Critical Patch Update 7u15 to fix five security vulnerabilities including ones that would allow remote attackers to compromise the computer.
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.
SecureNU recommends that users install the latest update to Java to help protect your computer.
Instructions on: How to Update Java for both Apple and PC’s.
[Editors Note: By now you are probably feeling tired of constantly installing Java updates. I too am frustrated with the insecurity of Java coupled with the requirement that I must use it for regular business activities.
Unfortunately until there is a permanent fix to these problems, we users will have to continually apply available patches in order to secure our computers. Another way to think of it, every time you install the update you are doing your small part in keeping the University and its community safe from criminals, thieves, and all around bad people. Security is everyone’s responsibility and each of us must do what we can to maintain a safe and productive environment. ]
US-CERT ALERT (TA13-051A) – Oracle Java Multiple Vulnerabilities