Network News

X My Profile
View More Activity

Important Updates for Adobe Flash, Sun's Java

Adobe and Sun Microsystems have issued updates to fix security problems in their Flash Player and Java applications, respectively. Flash and Java are some of the most widely installed third-party software applications on the planet, so it's a fair bet that criminals could soon be targeting these holes to break into vulnerable systems.

The Adobe update, released July 10, brings the Flash Player to version 9.0.47.0. Users can check for the presence of Flash on their machines and tell which version is installed by visiting this link. Any installation lower than 9.0.47.0 needs to be updated.

The latest Windows version is available for download here. Anyone still using Microsoft Windows 95, Microsoft Windows NT, or classic Macintosh operating systems will need to download the 7.x updater, from this link here. The update for Mac OS X, Linux, Solaris and other operating systems is available here.

The Java update can be installed from the Java.com home page. Click on the "Do I Have Java?" link to see if your machine has the latest version (Java Version 6, Update 2). Clicking on the "Download Now" button successfully installed the latest version of the Java plug-in for both Mozilla Firefox and Microsoft's Internet Explorer browsers on my machine (if you've taken my advice to run your Windows system under a limited user account, you will need to log in using an administrator account to apply these updates).

Windows users who install the latest version of Java will notice that its entry in "Add/Remove Programs" now calls the program simply "Java (TM) 6 Update 2." Previously, those entries read "J2SE Runtime Environment," or something to that effect. Bill Curci, the Java SE product marketing manager, said Sun made the change in response to feedback from users who were confused by the various Java product names, such as J2SE, JRE, JDK.

Windows users should remove any older versions still installed on their machines, as Sun's installer does not eradicate older versions of the software, which can occupy hundreds of megabytes of disk space. Worse yet, older versions of Java hanging around on systems have in the past left even fully patched Java installations vulnerable to attack. After updating one of my home PCs with this latest version, I found that it had no fewer than four previous versions of Java installed. Each can be safely removed via the "Add/Remove Programs" feature, accessible in Windows systems from the system Control Panel.

Apple licenses Java for use in Mac OS X systems, but the company is responsible for shipping custom versions of the software, so Mac users will need to wait until Apple issues its own update.

By Brian Krebs  |  July 16, 2007; 9:46 PM ET
Categories:  New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Software Vulnerability Auction Stokes Researchers
Next: Your Money or Your Documents

Comments

Thank you for the notices on Flash and Java update.
Flash update went smoothly.
However, when I tried to update Java (I have 6.1) I got the message "you need to enable cookies ... ". Then I allowed java.com to place cookies for the session (using Firefox) and still no luck. Also, I got a message from the browser which said something like "Firefox prevented you from asking a site to place ... "
Anyone with any ideas?

Posted by: csavargo13 | July 17, 2007 6:30 AM | Report abuse

csavargo13: You need to tell Firefox to allow java.com to install a plug-in. When you get the "Firefox prevented you from asking a site..." message, there should be an "Allow Site" button on the right side of a yellow bar on the top of the screen. Click this button, and a dialog box should appear asking if you want to add java.com to the list of sites that are allowed to install add-ons to Firefox. Click the "OK" button and try installing again.

Posted by: crazyludwig | July 17, 2007 10:07 AM | Report abuse

fatanstic technology

Posted by: Jessica | July 17, 2007 10:14 AM | Report abuse

Java's got things farkled up...again. When you go to the url to verify which edition is on your machine, it reports the need for an update and says the download is right for Vista. But when you click the download now button, you are sent to a page that asks you to re-verify. It is only then that I discovered that the update isn't for Vista but, rather, for older Windows programs. PITA, eh?
Valerie

Posted by: Valerie | July 17, 2007 12:10 PM | Report abuse

Really appreciate your reminders re things like the Flash and Java updates, and clear instructions on where to find them, and your pointer on deleting earlier versions of Java. Both updates went very smoothly (using XP and IE7) even for a non-geek like me.

Posted by: Ken | July 17, 2007 12:54 PM | Report abuse

Hey Brian - thank you for speaking with me the other day. Just wanted to clarify the point that once folks have the latest release of Java on their system (downloaded from java.com) older versions no longer pose a security threat b/c the Web browsers (IE, Firefox etc.) will only use the newest version to interact with web pages. Also thanks to you who have reported challenges to this thread, we appreciate your feedback and will look into these issues.

Posted by: Bill Curci - Sun Microsystems | July 17, 2007 5:36 PM | Report abuse

I cannot verify my installation. I'm using Firefox will cookies and scripts enabled on a Win98 machine. It downloads and supposedly installs but verification says it is not on my machine. I deleted all versions of Java and tried again with the same result although Java 6 update 2 with a file size of 111 Mb shows up in the add/remove programs list. I had no problem with Adobe a few days ago so at least that is OK. But this is frustrating.

Posted by: Rosie Win | July 17, 2007 8:07 PM | Report abuse

Thanks crazyludwig. What you suggested was needed.
In addition, I found out, I needed to blanket enable cookies; putting java.com on the list of allowed sites was not enough.
Anyway, update installed.

Posted by: csavargo13 | July 18, 2007 1:05 PM | Report abuse

Well I finally got it verified by enabling the Java console.

Never mind.

Posted by: Rosie Win | July 18, 2007 9:50 PM | Report abuse

Does it matter when I uninstall the older java versions? (ie before/after the installation of the latest version).

Posted by: stern | July 19, 2007 6:37 AM | Report abuse

My son and I have a few computers, so for each computer I have to download the installer, to download the player, to install the player, at least twice, once for Internet Explorer, once for Firefox and once for Opera on some.

Adobe used to have a page where you could download the full installer and run that locally but I can't find it anymore. What a pain in the butt for an upgrade.

Posted by: tex_marlowe | July 19, 2007 11:09 AM | Report abuse

Thank you for the heads-ups. I downloaded the updates, and everything went smoothly until I tried to delete our really old version of Java. A message popped up saying that not all of its components could be deleted, and those should be deleted manually. Is this worth doing, and if so, how do I do this?

Our computer is running Windows XP Home Edition, and we use IE, in case it matters.

Posted by: Amy | July 19, 2007 4:13 PM | Report abuse

Hey, Brian! I hope you're still following this thread. From Sun's website FAQs:

"Can I remove older versions of the JRE after installing a newer version?"


The latest version of the Java Runtime Environment (JRE) contains updates to previous versions. There might be some applications or applets written and tested against a specific version of the JRE.

It is recommended that you keep older versions of the JRE on your system. If you are running low on disk space, you can uninstall older versions of the JRE.

To remove older versions of JRE, go to Windows Java Runtime Environment uninstallation instructions page.

http://www.java.com/en/download/faq/5000070400.xml

I imagine most security folks would tend to disagree!

Posted by: Keith Warner | July 20, 2007 11:13 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company