Tuesday, January 15, 2013

Java Vulnerability

Various sources have reported on a Java vulnerability concerning the Java browser plugin.  Please refer to the following links for more information.  It affects all platforms, especially the Mac and Windows computers we use here.  It affects JDK and JRE 7 update 10 and earlier.  Note: JDK and JRE 6, 5.0, and 1.4.2, and Java SE Embedded JRE releases are not affected
The latest Java 7 update (11) changes the security level to high, with the user always being prompted before any unsigned Java applet or Java Web Start application is run.  However, it is advisable to disable the Java browser plugin, regardless of version.  If you use sites that require the plugin, consider disabling it in your default browser, and use a secondary browser exclusively for any Java-related activity.
 
Attn Mac users, please see this note regarding Java 7: http://java.com/en/download/faq/java_mac.xml.
  • Apple is disabling the Java 7 plugin automatically on systems where it's already installed.
  • For OS X 10.7 and later, the update Java for OS X 2012-006 uninstalls the Apple-provided (v. 6) Java plugin from all browsers.
Please reply with any questions