Update your Java today

Like most people, when my computer wants to run any variety of updates, I click ignore and delay it until later. Later usually comes when I can’t take any more pop ups, but there are warnings being issued that Java updates should not be ignored whether you are on Windows, Linux or yes, Mac OS. If your computer has popped up requesting that you update your Java, do it now because a major vulnerability that was discovered this summer has been fixed but only in the most recent version. Older versions remain vulnerable and the problem “is being exploited by people who create the malware and crimeware that causes so many headaches for home users and corporate IT departments,” says All Things D.

If you’re at home, you should be able to update Java immediately, but if you’re at work on the company network, you may not have the proper permissions to update and will need someone from IT to install the updates. The National Vulnerability Database rates it a 10 out of 10 on the severity scale, and also rates it as “low” on the access complexity scale, so it’s quite easy for anyone malicious to execute an attack through this vulnerability.

---

---

HD Moore, chief security officer at Rapid 7, a company that specializes in staying ahead of new computer security vulnerabilities told All Things D that this particular vulnerability is so horrible because even after it was detected then fixed, the extent of how dangerous it was remained unknown and that crimeware creators were ahead of security researchers on this one and began adding code to web sites designed to take advantage of it. “It’s kind of like a perfect storm,” Moore said, with IT departments on the verge of being off for the holidays in conjunction with people flocking to the web to shop for the holidays.

For those that cannot update all of their machines, they are being advised to disable Java and block it at the firewall until the entire network has the Java update.

• Permalink