The latest versions of Java let users disable Java content in web browsers through the Java Control Panel. If you have an affirmative use or need for Java, unplug it from the browser unless and until you’re at a site that requires it (or at least take advantage of click-to-play). This widely installed and powerful program is riddled with security holes, and is a top target of malware writers and miscreants.
I’ve long urged end users to junk Java unless they have a specific use for it (this advice does not scale for businesses, which often have legacy and custom applications that rely on Java). Otherwise, seriously consider removing Java altogether. Keep in mind that updating via the control panel will auto-select the installation of the Ask Toolbar, so de-select that if you don’t want the added crapware. Updates are available from or via the Java Control Panel. If you really need and use Java for specific Web sites or applications, take a few minutes to update this software. Updates also should be available via the Java Control Panel or from. Users also can visit and click the “Do I have Java?” link on the homepage. At the command prompt, type “java -version” (again, no quotes). Windows users can click Start, then Run, then type “cmd” without the quotes. There are a couple of ways to find out if you have Java installed and what version may be running. According to Oracle, vulnerabilities with a 10.0 CVSS score are those which can be easily exploited remotely and without authentication, and which result in the complete compromise of the host operating system. Those who’ve chosen to upgrade to the newer, “feature release” version of Java - Java 8 - will find fixes available in Java 8 Update 5 (Java 8 doesn’t work on Windows XP).Īccording to Oracle, at least four of the 37 security holes plugged in this release earned a Common Vulnerability Scoring System (CVSS) rating of 10.0 - the most severe possible. The latest update for Java 7 (the version most users will have installed) brings the program to Java 7 Update 55. So - if you have Java installed - it is time to update (or to ditch the program once and for all). Several of these flaws are so severe that they are likely to be exploited by malware or attackers in the days or weeks ahead. Oracle has pushed a critical patch update for its Java SE platform that fixes at least 37 security vulnerabilities in the widely-installed program.
0 kommentar(er)
