Security Update: Highly Critical Vulnerability in Java 7 - Currently Being Exploited
Date and Time
ITS received various reports of a Java 7 vulnerability that is currently being exploited by simply having a user visit a website that is host to the attack code. This means both malicious sites, as well as "normal" sites which have been hacked, can compromise a system.
Many security researchers warn that cybercriminals would soon start targeting the flaw on a larger scale.
Advanced Users: For a complete description of the vulnerability, refer to Vulnerability Note VU#625617 (Java 7 fails to restrict access to privileged code).
Java 7 Update 10 and earlier on:
- Mac OS X
WHAT'S THE PROBLEM?
Java is a programming language that powers state-of-the-art programs including utilities, games, and business applications. Java runs on more than 850 million personal computers worldwide, and on billions of devices worldwide, including mobile and TV devices.
HOW DO I PROTECT MY COMPUTER?
1. Currently there is no update to apply to protect your system.
2. To test your browser to see if Java is enabled, browse to http://java.com/en/download/testjava.jsp
Prior to taking action on the following steps, consult with your IT Support Coordinator:
3. Most work around solutions recommends uninstalling or disabling Java.
However, this is not always practical where Java-based Web applications are necessary for important operations.
Visit http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-securi... on how to disable Java.
4. If you have a reason to use Java, here are a few options:
- Use Google Chrome browser which automatically blocks Java and in cases where web pages tries to access Java, you will receive a message “The Java plug-in needs your permission to run.” and you’ll be prompted to accept or deny.
- Set Firefox to click-to-play for similar protection.