Oracle has just released an emergency patch to fix critical vulnerabilities that malware authors have been exploiting in last month’s Java releases. Anyone who needs or actively uses the Java Runtime Environment for work or gaming should install this update as soon as possible.
Editor’s Note:
If you do not need Java on your system, we recommend uninstalling it entirely. Or at least, disabling the browser plugin.
Versions that Updates are Available for:
- JDK and JRE 7 Update 15 and earlier
- JDK and JRE 6 Update 41 and earlier
- JDK and JRE 5.0 Update 40 and earlier
Note: The version numbers of the updates available for download are Java 7 Update 17 and Java 6 Update 43.
When you visit the Oracle Security Alert webpage you will need to scroll approximately halfway down the page to see the
Patch Availability Table. The download link you will need to use is shown outlined in red below
From there you will be taken to a download page like the one shown here. We found that the download link offers the web-based installer to update your system. If you prefer, you can choose to use the
Automatic Updates Feature if it is enabled on your system instead of the web-based installer.
You can use the link below to view more information about the latest update and access the download link.
Oracle Security Alert Webpage
Learn more about the critical vulnerabilities being patched with this update here:
[via Krebs on Security and Ars Technica]
.