it.ucsf.edu

Security Update: Oracle Releases Java SE Critical Patch Update to Address 42 New Security Fixes

Status Type: Security Update

Date and Time: Wednesday, April 17, 2013 - 08:58

Reason: Security Update

Impact: Web browsers using the Java 5, 6 or 7 plug-in.

WHAT HAPPENED?
 
Oracle has released the Oracle Java SE Critical Patch Update Advisory, which addresses 42 new security fixes across Java SE products, 2 of which are applicable to server deployments of Java.
 
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.
 
Advanced Users: For a complete description of the vulnerabilities and updates, refer to the Oracle Java SE Critical Patch Update Advisory - April 2013.
 
 
AFFECTED SYSTEMS:

  • Web browsers using the Java 5, 6 or 7 plug-in are at high risk.

 
WHAT'S THE PROBLEM?
 
Java is a programming language that powers state-of-the-art programs including utilities, games, and business applications. Java runs on more than 850 million personal computers and on billions of devices worldwide, including mobile and TV devices.
 
 
HOW DO I PROTECT MY COMPUTER?
 
These and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered.
 
1.    Disable Java in web browsers


To defend against these and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates have been installed. As with any software, unnecessary features should be disabled or removed as appropriate for your environment.
 
However, this is not always practical where Java-based Web applications are necessary for important operations.
 
Visit http://www.kb.cert.org/vuls/id/636312 for instructions on how to disable Java.
 

2.    If you have a reason to use Java, here are a few options:
 

  • Use the Google Chrome browser, which automatically blocks Java. When a web page tries to access Java, you will receive the message “The Java plug-in needs your permission to run.” and you’ll be prompted to accept or deny.
  • Set Firefox to click-to-play for similar protection.

 
3.    Update your software
 

  • If you have a computer support coordinator (CSC), no action on your part is required.

Note: Java 7 Update 17 sets the default Java security settings to "High" so that users will be prompted before running unsigned or self-signed Java applets.
 
 
