Java in Hot Water – What You Need to Do

Java LogoRead below to find out how to update your Java software

Taking highly unusual action, the US Department of Homeland security warned computer users Thursday evening to disable their Java software due to a security exploit discovered last week. When I first heard of this I was skeptical, as this sounded like any number of hoaxes circulating around the Internet. However, upon researching it, I found it was true. The only question was why did the USDHS take this action? Most flaws are theoretical problems or not likely to be exploited widely. Was this flaw actually that serious or were they overreacting?

As far as I can discern, the main reason the USDHS offered this warning was because the vulnerability was already being exploited in the wild. Several popular “exploit toolkits” were already targeting this flaw, making it easy for criminals to deploy malware to attack affected computers. In addition, soon after the exploit was discovered, Apple Inc. chose to remotely disable Java on Macintosh computers through their Mac OS X anti-malware feature. Apple is not a company that is known to overreact to obscure security warnings, so for them to take this action speaks to the severity of the problem.

The good news is that Oracle, the company that develops Java, released an update to fix the flaw over the weekend. I highly recommend that all computer users download and install this update. The simplest way to do this is to visit this web site (http://www.java.com/en/download/testjava.jsp) and follow the prompts given. I will be happy to help any one who is not comfortable with this procedure, so please let me know if you have any questions or concerns.

* Note that this problem does not affect iPhones or iPads, as they do not run Java software. Android-based smartphones are also likely unaffected, as there is no standard Java Runtime Environment for Android.