Thursday, October 20, 2011

More info on why you should update Java JRE ASAP

If you have Java installed (XP users check "Add/Remove Programs", Vista/Windows 7 users check "Programs and Features"), you either need to uninstall it or update it. Two articles that are less user-hostile (most people say "more user-friendly") than the links I posted earlier are here:

Critical Java Update Fixes 20 Flaws — Krebs on Security

Oracle Corp. released a critical update to plug at least 20 security holes in versions of its ubiquitous Java software. Nearly all of the Java vulnerabilities can be exploited remotely to compromise vulnerable systems with little or no help from users.

If you use Java, take some time to update the program now.

That, IMHO, should read "If you have Java installed, update the program now."

Java update plugs 20 critical security holes | ZDNet
Summary: The patch, which provides a fix for the SSL Beast attack, comes at a time when anti-malware vendors are reporting an “unprecedented wave” of exploits against vulnerabilities in Java.

Oracle has shipped a critical Java update to fix at least 20 security vulnerabilities, some serious enough to cause remote code execution attacks.

“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible,” the company warned in an advisory.

According to Oracle, 19 of the 20 vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

Links to the Java downloads are in yesterday's blog entry Oracle releases BEAST-patched version of Java.
