Tuesday, August 28, 2012

Java 7 update 6 exploitable

In the latest update of Java (v7 update 6), a 0-day exploit was found and is being used. This can affect all computers running Java 7 and all web browsers.

What this means is that there's a big problem in using the latest Java and it could hurt your computer. You can go to www.isjavaexploitable.com to test your computer. The site is run by a reputable computer security company and will show if you're vulnerable to the exploit.

Numerous security companies recommend removing Java 7 completely, though some are calling for complete removal until Oracle fixes it, and some are saying it's okay to use Java 6 in the meantime. If you use Java 6, be aware that it comes with its own vulnerabilities.

Another option, if you think you're savvy enough, is to request an unofficial patch from DeepEnd Research. They'll e-mail patches on request, but this is not intended for home use. Note that this has not been verified or approved by Oracle.

Now, you may be wondering, "Won't Oracle, who is responsible for Java, patch this as soon as possible?" The answer is "Perhaps not." Oracle usually releases 3 major updates a year in February, June, and October with bug fixes released around 2 months after the major update. The next update is expected to come in October. It is rare for Oracle to update at all outside of this schedule, though the attention might change their minds. To my knowledge and searching, Oracle has not released a comment pertaining to this yet.

If you don't know what version of Java you have, go to a command prompt.

  • For Windows, you can press Win-R, type "cmd", and hit Enter.
  • For Macs, go to Applications > Utilities > Terminal.
  • For Linux, just go to a shell.

Then type in "java -version" and see what comes up. If you see a version of 1.7 or higher, you are susceptible to the exploit. If it says 1.6, you should be OK. Well, as OK as you can be with Java 6 at least.
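The same check as a script, as an added example that is not part of the original post: it parses `java -version` output and applies the rule above (1.7 or higher is susceptible, 1.6 is OK). The function names, result labels and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `java -version` output using the post's rule.

# Constructed sample of what `java -version` prints for Java 7 update 6.
SAMPLE_OUTPUT='java version "1.7.0_06"
Java(TM) SE Runtime Environment (build 1.7.0_06-b24)'

# Pull the quoted version string (e.g. 1.7.0_06) out of the output.
extract_java_version() {
    printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1
}

# Prints one of: susceptible, ok-java6, unknown.
classify_java_version() {
    ver=$(extract_java_version "$1")
    case "$ver" in
        1.[0-9]*) ;;                      # the 1.x form the post refers to
        *) echo "unknown"; return ;;      # no version found, or another form
    esac
    rest=${ver#1.}
    minor=${rest%%[!0-9]*}                # "7.0_06" -> "7"
    if [ "$minor" -ge 7 ]; then
        echo "susceptible"                # 1.7 or higher, per the post
    elif [ "$minor" -eq 6 ]; then
        echo "ok-java6"                   # Java 6 has its own vulnerabilities
    else
        echo "unknown"                    # older than 1.6: not covered here
    fi
}

# Check the java found on this machine's PATH.
check_local_java() {
    if ! command -v java >/dev/null 2>&1; then
        echo "no-java"
        return
    fi
    # java -version writes to stderr, so merge it into stdout to capture it.
    classify_java_version "$(java -version 2>&1)"
}

# Run with --local to check this machine; otherwise classify the sample.
if [ "${1:-}" = "--local" ]; then
    check_local_java
else
    classify_java_version "$SAMPLE_OUTPUT"
fi
```
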

So be on your guard. As usual, don't go to suspicious websites. Play it safe.
