By now it’s likely you’ve seen something in the news, or someone has warned you, about either updating the Java plug-in in your browser or disabling it completely. In addition to ending support for any Java version below 7 as of January of this year, Oracle has been plagued by a series of overlooked exploits in recent Java updates and patches.
An exploit takes advantage of a vulnerability in a program, which a cyber attacker can use to gain access to a user’s machine. This can lead to unauthorized access to your computer or to downloads of malicious code or programs. Any software can have vulnerabilities, but the ones of most concern are generally in browsers or in programs that run inside browsers, because that’s how outsiders get in.
Back at the start of 2013, the Java software had such glaring vulnerabilities that even the Department of Homeland Security issued a warning. Users were encouraged to disable the program in their browsers until a patch was issued. Many IT security pundits raised their eyebrows at the delayed reaction from Oracle since this vulnerability had been identified months prior. Since then, Java has been plagued with a series of high-profile exploits.
As Java rises in popularity and use, it’s understandable that it will draw more attention from hackers. According to Internet security firm Kaspersky, Java accounted for 50 percent of all hack attacks through software vulnerabilities in 2012. Some security consultants encourage disabling the software altogether on work devices, since very few users actually need it to complete their tasks.
This week, Java is back in the news with yet another glaring vulnerability in its software. Apple has updated its browser, Safari, to give users the choice, on a case-by-case basis, of whether or not to run Java. It released a software patch last week that hasn’t yet been fully adopted by all users. If you haven’t updated yet, run a software update check or go here to update Java, or visit this site for instructions on disabling the program.