The saga of Java and its inherent vulnerabilities goes on unabated. The latest Java update includes patches for no less than 37 security holes, and that’s just the ones that have been identified. I’d love to know just how many individual patches Oracle has released over the past couple of years in what is seemingly a futile attempt to shore up its seriously flawed software… the words “colander” and “sieve” spring to mind.
According to Oracle’s official announcement, 4 of the 37 Java vulnerabilities received a Common Vulnerability Scoring System (CVSS) rating of 10.0, the highest/most severe possible.
Another 37 Reasons Why You Should Junk Your Java
You should be able to identify which Java version is installed on your machine by looking it up in the list of installed programs, inWindows 7 that would be Start>Control Panel>Programs and features. Or via the Java Control Panel. If you’re still not sure which version is installed on your machine, you can double check it here: https://www.java.com/en/
You can update the software via the Java Control Panel, see here for operating system specific guides: How do I enable and view the Java Console? or from https://www.java.com/en/.
*NOTE: Updating from within the Java Control Panel includes installation of the Ask Toolbar crapware by default, so make sure to deselect that option.
Also, here are two options persistent Java users might consider to help mitigate the risk:
- Universally disable Java for all sites and only re-enable for specific sites. Browser specific instructions here:https://www.java.com/en/download/help/disable_browser.xml
- Utilize two browsers, one without Java for everyday use and one with Java enabled to use with only those sites where it is essential.
For those users who may experience problems upgrading or removing Java, here is a link to a nice little freeware called JavaRA:http://singularlabs.com/software/javara/
Update or remove, it’s entirely up to you, but please do one or the other, and soon.
No comments:
Post a Comment