Java Security

Dividing Line

Java SecurityOn January 10, 2013, security professionals reported that an unpatched vulnerability in Java software (version 7, also known as 1.7) exposed Windows, Macintosh, and Linux computers to malware infections simply from browsing the Web.

Java is a runtime environment that works "behind the scenes" to provide access to many Web sites, online services, and applications, including University services such as OWL, UMassOnline or PeopleSoft applications.


What we Recommend you do 

it's Learning 365 recommends that users:

  1. Check your version of Java. The version of Java on your machine will determine your next steps. 
  2. If using Java 7 (a.k.a. 1.7): Install the latest version as soon as possible.
  3. If using Java 6 (a.k.a. 1.6): Do not upgrade to Java 7. Ensure you are running the latest update to version 6 (Java 6u38)
  4. If Java is not installed: Do not install Java unless absolutely necessary
  5. If Java is installed, but not in use: Disable it from your Web browser(s)


What Exactly is this Latest Java Vulnerability? 

This most recent exploit enables automatic malware downloads, meaning that users do not have to click a malicious link to get their computers infected. Simply using a vulnerable version of Java is sufficient to compromise a computer. Once downloaded, the malicious software may collect user names, passwords and other sensitive information.

All versions of Java 7 are considered vulnerable. The exploit  does not affect previous versions of Java (e.g. Java 6).

Last modified: Friday, 30 November 2018, 12:15 PM