Do you still have Java turned on in your web browser?
If your answer is “Yes” or “I’m not sure” then it’s time to take action.
And the worst news is that Oracle (who has known about the zero-day vulnerabilities since April) doesn’t plan to issue a patch for the problem until October. (Update: Oracle has now issued a patch– but you should still consider whether you really want to run Java or not in your browser).
There will be many pointing fingers at Oracle and arguing that it has not taken the security flaws seriously, but the accusations that are bound to fly aren’t actually going to help the millions and millions of vulnerable devices out there.
Those devices need a patch from Oracle – but as it may not be available for some time, the best advice I can give you is to disable Java.
Naked Security’s Chet Wisniewski has put together simple instructions for users of the most popular browsers, explaining how Java can be disabled:
- How to disable Java in Internet Explorer
- How to disable Java in Firefox
- How to disable Java in Chrome
- How to disable Java in Safari
- How to disable Java in Opera
So, what are you waiting for?
Isn’t this just a storm in a
No, it isn’t.
Time and time again we’re seeing examples of cybercriminals exploiting flaws in Java to infect innocent users’ computers.
For instance, earlier this year we saw more than 600,000 Macs infected by the Flashback malware because of a Java security flaw.
In fact, it has become increasingly common to see malware authors exploiting vulnerabilities in Java – as it is so commonly installed, and has been frequently found to be lacking when it comes to security.
Cybercriminals also love Java because it is multi-platform – capable of running on computers regardless of whether they are running Windows, Mac OS X or Linux. As a result it’s not unusual for us to see malicious hackers use Java as an integral part of their attack before serving up an OS-specific payload.
Seriously though, stop reading this article now and check if you have disabled Java or not. Chances are that if you don’t think that you need Java, you don’t need it.
Even if you absolutely must use websites that require you to have Java installed, why not disable it in your main browser and have an alternative browser just for visiting that website?
What you need to do now is reduce the opportunities for attack. For most people that means disabling Java – and doing it now.