geekhack
geekhack Community => Off Topic => Topic started by: BucklingSpring on Sat, 02 February 2013, 19:08:44
-
http://hothardware.com/News/Oracles-Latest-Java-Patch-Contains-Huge-Security-Flaw-Update-of-50-Fixes/
Dunno if you live in a cave but if you do - Couple of weeks ago, Oracle/Java was all over the news regarding major security flaws.
2 days later, they released Java 7 update 11... Most of us thought it was addressing the flaws above. Well - It wasn't.
Oracle just released 7 update 13 two weeks ahead of schedule in order to patch the holes.
Quote from link above:
If our not-too-subtle hint a couple of weeks ago about the perils of having Java installed wasn't enough to convince you to uninstall, you should waste no time in heading on over to the official site and grabbing the latest version (7u13). When it comes to Java, the Swiss-cheese of the software world, it's important to snag updates whenever they're rolled-out - but this one is in a league of its own. Oracle managed to pack 50 fixes with this single update - the largest bulk of fixes ever seen in the software's history.
So do yourself a favor... and patch your Java right now :-)
Here's the link
http://www.java.com/en/download/manual.jsp
-
Reading the notes from the advisory, I see it's almost all related to web client usage -- applets and webstart. Most people already know better than to trust this stuff, and I think it's been a while since Java applets were turned on by default on PCs (at least I hope so...).
Java on the server side is much more secure. I would choose it over PHP for most tasks that require good security.
-
Unless you really, really need Java, I think not having it installed at all is the best move. It seems to be nothing more than a security black hole most of the time anymore. I don't remember there being so many huge problems before Oracle took it over.
-
I agree, we can live without Java.
This message was for those using it casually.
-
It's a good thing I've been browsing without Java since I first heard of the unpatched exploits. Not a single **** was given since then. :P
-
I didn't bother, because I only browse a few select sites... but...... how do I know if I've been affected by the "exploit"?