Java is Java and it’s always been a bit insecure. But now a really big security flaw has surfaced and this one is one you need to know about and take action to protect your computer. Here is an article from Geek.com that will give you insight into the current 0-day exploit which makes all computer users vulnerable — yes even those using Apple computer. This article will also tell you how to disable Java in your browser — or to remove it completely from your system.
The following is from Geek.com:
“Oracle has known about the Java 0-day exploit for months
Many websites, including us, have been advising users to disable Java immediately following news that a 0-day exploit exists that could see your computer compromised. It doesn’t matter if you run Windows, Mac OS X, or Linux, your PC is at risk. No browser is safe either. So if you haven’t done so, follow our guide to disabling it.
The only people who can fix the exploit work for Oracle, and with patches only typically being released three times a year, there may not be a solution until the middle of October. However, what’s more surprising is the fact Oracle has apparently known about the exploit since April, and released a patch in June that didn’t include a fix for it.
That revelation comes from security company Security Explorations. They informed Oracle of the exploit along with 30 others that needed fixing back in April. SE have admitted being surprised Java’s June update didn’t include a fix, and don’t understand why Oracle overlooked such a serious security hole…”
Read the entire article here — and please do disable Java (until it’s patched) by following the instructions here
Don’t I need Java to work with many things on the Internet????
Not so much any more. Some game sites. Most Java menus are JavaScript/CSS/DHMTL not Java applets. The security problem was not with JavaScript – it was with Java
Applets.
I just received a java upgrade from Oracle today Aug 31 2012. Is this the patch that is required. I downloaded the upgrade before I read your article. Thank you so much for the wonderful work that you do. I enjoy reading the newsletters daily and they have been unbelievably helpful.
Joyce
I downloaded an update just now as well before reading your article. If we disable Java will this not make a lot of websites stop working propaly?
Love your work throughout the years and please keep the good information coming. Thank you so much.
Isabelle
According to the latest Oracle blog regarding 0-day exploit for Java .. the latest release should fix the problem.
https://blogs.oracle.com/security/entry/security_alert_for_cve_20121
Mmmm…. I too just downloaded an update (Sept1) and for the life of me can’t find the program. Would appreciate you guys helping us poor souls out. What should we do?
I just tried to disable my Java from your instructions and that page froze up. Can’t do anything on the Geek site. There is no response at all when I get to the site. Even had to bring up Task Manager to get off the page.
At the Geek site the page froze twice. 3rd time was okay. I will go into my add-ons and disable, but as Isabelle says, won’t this affect how we are able to view sites? What will substitute for the performance by disabling Oracle’s Java? Help! And once again, thank you. More times than not, I wouldn’t be aware of critical computer issues that were taking place if it wasn’t for you.
I’m very much confused by Java……Java vs. Java Runtime Environment. I always keep Java updated and the last update auto-update installed on 8/30 was version 6 update 3.5. I recently visited a site that says they do not support my current version and when I clicked on their pop-up, Jave said the current version is 7. Why didn’t Java’s auto-update on the 30th give me version 7?
As for the Runtime Environment version, mine is 5.0 update 10. (date installed is sometime in 2009) I’ve looked all over the Java website and can’t find reference to Java Runtime Environment versions or the Java version 7.
This is mindboggling to me. Obviously, I don’t trust Java and I do trust you, so I will disable Java. But in the meantime, do you have any words of wisdom to help me understand this a little better.
By the way, Java site recommends that I should uninstall all prior versions of Java when a new one is issued. If this is true, why doesn’t their auto-update do it automatically? And, wouldn’t this be true of the “Runtime Environment” version which I have no way of knowing if they do anything to update it?
Thanks for listening to my rambling.
“Totally lost in Javaland”
By the way, I did a search on the Java site, AND on the Oracle site for “0-day”, and after nothing came up at either site. I explored the security pages….again, NOTHING. Guess you have to be a developer with a “magic #” to access Oracle info, but still, I think it’s irresponsible of them not to even acknowledge it…somewhere.
I also disabled java on everything I own. I didn’t have any problems with that page freezing up but nothing else works right.. not facebook or google search or even Cloudeight’s home page. Is there something else we can install to take the place of Java?
Hey ya’ll TY so much for all the great info ya’ll give,I could not do without ya’ll,Keep the great info coming,Huggies
Does Java 7 Update 7 address this new threat? I have so many shopping sites that I use regularly which require Java. Are there any answers available?
how can you disable Java when you can’t get on your bank without it because they run on it and other programs run on it as well and you can’t access them without it.