Oracle, maker of Java, does not have a good track record for fixing holes in Java. A new Java security hole that apparently targets Java 7 (however, some researchers think it also apparently targets some versions of Java 6) was discovered recently. What options do you have for fixing the problem?
- The safest thing to do is to uninstall Java from your computer. If that’s too extreme, then uninstall Java plugins. KrebsOnSecurity has an article listing how to disable Java in Firefox, Internet Explorer, and Google Chrome, which you can access here https://krebsonsecurity.com/how-to-unplug-java-from-the-browser/
- If you need to use Java for some sites, then the safest thing to do is to use two browsers and disable the Java plugin for the browser you use most often. For example, disable Java in Firefox and use Internet Explorer for the sites that absolutely must use Java. If you decide on this solution, make sure you keep Java up to date.
- Another viable option is to use Firefox with the NoScript plugin, available at http://noscript.net/getit. NoScript allows you to choose when to allow JavaScript to run. NoScript can also block Flash Player, which is another problematic plugin.
- If you have a PC, make sure you run Secunia’s Personal Software Inspector available here http://secunia.com/products/consumer/psi/ at least weekly to keep up with any updates available for all of your programs.
This vulnerability affects Macs as well as PCs. Only visiting “safe” sites will not help you avoid this issue.
Oracle released an update to fix this issue last night.
Don’t wait! Save your computer, save your information.
Intentional Privacy 