Java 7 security vulnerability (Updated 2/6/2013)

SUMMARY: Java 7 security vulnerability (Updated 2/6/2013)
POSTED ON: 01/11/2013
REPORTER: ITS Help Desk (help@hawaii.edu)
START TIME: Jan 10 10:00 AM
END TIME: Feb 15 12:00 AM
DESCRIPTION: A security vulnerability in Java 7 is being actively exploited "in the wild". Oracle released an updated version of Java 7 on 1/13/2013 to address this vulnerability; however, new security vulnerabilities were identified and, as a result, Apple has blocked Java from running on Safari.

As a result of the continued security vulnerabilities with Java, we recommend that all users disable Java for their web browsers. If Java is needed, enable Java on only one web browser, and use another web browser with Java disabled for all other activity.

For Banner Forms users on Mac OS X, those using Java 7 on OS X 10.7 or 10.8 can still use Java with Firefox. Users on OS X 10.6 will need to use an older version of Firefox (3.6.28) to continue using Java 6.

For Banner Forms users on Windows, those using Java 7 should update immediately to the latest version. For those who continue to use Java 6, Oracle states that this vulnerability does not affect Java 6, so no update is required at this time. To update Java 7:

- Go to the Control Panel ("Classic" view in Windows XP and Vista, or "Icons" view in Windows 7)
- Click on the Java icon
- Go to the "Update" tab from within the Java Control Panel window, and click on "Update Now"

NOTE: This notice applies only to Java, and NOT to JavaScript, which is completely separate and is not affected by the vulnerabilities.

More information on Apple's second block of Java web plugin:
http://www.macobserver.com/tmo/article/apple-remotely-blocks-java-os-x-web-plugin-for-the-second-time

Oracle's posted security alert can be viewed at:
http://www.oracle.com/us/dm/139193-wwmk10067711mpp001-oem-1896935.html

The U.S. Department of Homeland Security Computer Emergency Readiness Team (CERT) alert can be viewed at:
http://www.us-cert.gov/cas/techalerts/TA13-010A.html

UPDATE: 02/06/2013 08:34 AM: Oracle has released critical updates for Java 6 and Java 7. If you are using Java, please run Java updates to ensure you have these critical updates installed.

For more information about the updates, you can see Oracle's Java SE Critical Patch Update Advisory:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html