Sun Releases Java Security Update
Sun Microsystems is urging users of its Java software (i.e., most computer users on the planet) to apply a security patch to fix a dangerous security vulnerability that exists in most versions of the program.
Many people may not even know they have Java on their systems. It may have come pre-installed (in which case your copy probably is really old), or you may have installed it because some interactive Web site said you needed it to properly view its content. To check, visit the "Add/Remove Programs" list in the Windows control panel and look for something called "J2SE Runtime Environment."
If your version says anything less than "Update 10," it's time to update again. The patch is available for download here (most people will want to select the "Java Runtime Environment (JRE) 5.0 Update 10" option).
The vulnerability, according to the Sun security advisory, stems from a problem with the way that Java handles certain types of image files ending in ".gif." By convincing users to visit a Web page that hosted a specially crafted .gif image file, an attacker could take complete control of a computer running a vulnerable version of Java.
It's worth noting that this is far from a Windows-only problem. While Java is installed on most Windows systems, it is built into all Mac OS X systems and most Unix and Unix-like systems, according to the SANS Institute, a security research and training group based in Bethesda, Md. Sun urges all computer users to apply this update.
I am not a huge fan of Java. I believe that most people are better off without this program installed on their systems at all. After the last couple of updates, I removed Java from most of the systems I use and haven't had any need to re-install it.
If you do decide to update, keep in mind -- as Security Fix has mentioned time and again -- that it's a good idea to get rid of older copies of Java that may be lying around on your system. There may be several older (i.e., vulnerable) copies of the software taking up hundreds of megabytes of space on your hard drive.
Previous Java updaters have tended to leave older versions of the Java plug-in, well...plugged in to both Firefox and IE, but this installer did not. However, it did leave behind Update 9, so you're probably best off making sure that's gone whether you choose the update or abandon Java route.
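The Add/Remove Programs check and the hunt for leftover copies described above can be scripted. The following PowerShell is an added example, not part of the original post or Sun's tooling; it assumes entries are named in the form "J2SE Runtime Environment 5.0 Update N", and the function name Get-JavaRuntimeStatus is hypothetical.

```powershell
# Added example: inventory Java runtimes from the registry data that backs
# "Add/Remove Programs" and flag any 5.0 copy older than Update 10.
# Assumption: display names look like "J2SE Runtime Environment 5.0 Update 9".

$MinimumUpdate = 10   # first patched 5.0 release, per the article

# Uninstall keys behind Add/Remove Programs (native and 32-bit-on-64-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-JavaRuntimeStatus {
    param([string[]]$DisplayName)

    foreach ($name in $DisplayName) {
        if ($name -notmatch 'J2SE Runtime Environment') { continue }

        # A base release with no "Update N" suffix is treated as update 0.
        $update = 0
        if ($name -match 'Update\s+(\d+)') { $update = [int]$Matches[1] }

        if ($name -notmatch 'Environment\s+5\.0') {
            # The article gives no patched version for other release lines.
            $status = 'Review manually'
        } elseif ($update -lt $MinimumUpdate) {
            $status = 'Outdated: update or remove'
        } else {
            $status = 'Current'
        }

        [pscustomobject]@{ Name = $name; Update = $update; Status = $status }
    }
}

# Collect every display name; a missing WOW6432Node key is not an error.
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object -ExpandProperty DisplayName

$report = @(Get-JavaRuntimeStatus -DisplayName $installed)
$report | Sort-Object Update | Format-Table -AutoSize

# Installing a newer update does not necessarily remove the older copies.
if ($report.Count -gt 1) {
    Write-Warning "$($report.Count) Java runtimes are installed; remove the older copies."
}
```

Run it again after updating: any row still marked as outdated is a leftover copy that the installer did not remove.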