No doubt you’ve seen news reports or a post on your social network alerting you to concerns about something called “Java” that could cause trouble on your computer. If you aren’t sure what’s happening or need a straight forward explanation for a friend or loved one, here’s an overview to help you sort this out:
What is Java? Both a language and a platform to run websites and programs, it’s used by many, many computer users, both on the PC and Mac operating systems. It’s also used by many other kinds of technology, from smartphones to parking meters to game systems.
Where is it found on my computer? It was likely installed by the manufacturer. If you have automatic updates for Java on Windows turned on (it’s called Java Auto Update), it’s updating itself. To configure Auto Update, you will need to open your Java program. For most Windows users it is found within the Control Panel. Java should update itself automatically for Mac users as well, but in case you aren’t sure, you can find information on updating Java for Mac at this page.
What is the problem? There is a “hole,” or vulnerability, in Java 7 unless you install the latest patch. There are toolkits allowing someone to gain control of your computer by leveraging the hole in Java if you should visit an infected or compromised website.
Who discovered a problem? Last week, the US Department of Homeland Security issued a warning to Americans, recommending we temporarily disable Java on our computers to minimize the opportunity for a hacker to leverage vulnerabilities and gain control of our computers.
How do I fix it? First, remain calm. Despite the urgency of the warning, it’s unlikely you’ve been infected if you are running security software such as Norton – we protect against this vulnerability – and haven’t visited the wrong websites. Update your Java to get the patch available to fix the issue. Visit the Oracle Java site to learn if you have the latest version. Click the “Do I have Java?” link to determine which version you have. The latest version with a patch to address this vulnerability is 7.11. If you still wish to disable Java as the DHS recommends, you can do so. Oracle has a page with detailed instructions for you.
What other actions should I take? Take the opportunity to review your security software. Make sure the subscription for your Norton security product (or other brand) is still valid and the product is up to date. Review your operating system and other key programs to be sure you are using the most current versions and have applied all appropriate patches.
Where can I learn more? For a more technical review of the issue and Norton by Symantec’s recommendation, look no further than our Security Response team’s blog:
Or the Oracle Security Assurance blog: https://blogs.oracle.com/security/entry/security_alert_for_cve_2013