Java 7 security vulnerability - September 2012
Posted by Chris Bailey on 04 September 2012 10:30 AM

Recent security vulnerabilities in the latest version of Java, which affect Java applets, have been found and patched by Oracle:

http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

According to some articles (http://blogs.computerworld.com/cybercrime-and-hacking/20926/despite-new-patch-java-7-still-dangerous-go-version-6), even though the issue was initially addressed by Oracle, there are new exploits of the same issue.

Until this issue is finally addressed, for customers who rely on Unlimi-Tech and FileCatalyst applet technology, we are recommending the following precautions:

On Windows

1) Use Java 6 where possible. Java 6 was apparently patched, and there are no new exploits. Any users currently using Java 6 on a Windows-based computer will automatically receive this update. If you are using Java 7, we recommend downgrading to Java 6 where possible. Here is a link to manually install Java 6 for all platforms: http://www.oracle.com/technetwork/java/javase/downloads/jre6-downloads-1637595.html

2) If you are using Java 7 and cannot downgrade, you can limit the risk. By default, browsers such as Internet Explorer and Google Chrome will always prompt you before running Java applets. Before running an applet, ensure that you trust the website that you are on. If unsure, do not run the applet and contact the site's administrator.

On a Mac

1) By default, any users of Leopard (10.5) or Snow Leopard (10.6) are safe as they can only install Java 1.6.  Please ensure that all security patches are up to date using Software Update.

2) Users of Lion (10.7) and Mountain Lion (10.8) should also be safe as long as their Java is 1.6, which is the latest that Apple has released (http://support.apple.com/kb/HT5267). If the user has manually gone to Oracle and installed Java 7, you can downgrade it using these instructions:

Go back to Apple Java 6 using the following instructions:

  1. Uninstall Oracle Java 7 by deleting the plug-in file. From a Terminal window enter:
    % sudo rm -rf /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin
    
  2. Create a symlink using the following command, entered on a single line:
    % sudo ln -s /System/Library/Java/Support/CoreDeploy.bundle/Contents/JavaAppletPlugin.plugin /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin
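
To confirm the result of the two steps above, the plug-in path can be checked to see whether it is now a symlink to Apple's Java 6 plug-in. The script below is an added example, not part of the original article or of any Unlimi-Tech or Oracle tooling; the function names and state labels are hypothetical, and the two default paths are the ones used in the steps above.

```shell
#!/bin/sh
# Added example: classify the Java browser plug-in path after the downgrade.
# Default paths are taken from the two steps above; note the space in the
# first one, which is why every expansion below is double-quoted.
PLUGIN="/Library/Internet Plug-Ins/JavaAppletPlugin.plugin"
APPLE_TARGET="/System/Library/Java/Support/CoreDeploy.bundle/Contents/JavaAppletPlugin.plugin"

# plugin_state PLUGIN_PATH EXPECTED_TARGET   (hypothetical helper)
# Prints exactly one of:
#   apple-symlink    symlink to the expected target, and the target exists
#   dangling-symlink symlink to the expected target, but the target is absent
#   wrong-symlink    symlink pointing somewhere else
#   not-a-symlink    a real file or directory is still at the plug-in path
#   missing          nothing at the plug-in path (step 2 not done)
plugin_state() {
    plugin=$1
    expected=$2
    if [ -L "$plugin" ]; then
        target=$(readlink "$plugin")
        if [ "$target" != "$expected" ]; then
            echo "wrong-symlink"
        elif [ ! -e "$plugin" ]; then
            echo "dangling-symlink"
        else
            echo "apple-symlink"
        fi
    elif [ -e "$plugin" ]; then
        echo "not-a-symlink"
    else
        echo "missing"
    fi
}

# check_plugin PLUGIN_PATH EXPECTED_TARGET   (hypothetical helper)
# Reports the state and succeeds only for apple-symlink.
check_plugin() {
    state=$(plugin_state "$1" "$2")
    echo "$1: $state"
    [ "$state" = "apple-symlink" ]
}

# Check the real paths only when the script is run with --check.
if [ "${1:-}" = "--check" ]; then
    check_plugin "$PLUGIN" "$APPLE_TARGET"
fi
```

Run with `--check` on the Mac in question; a non-zero exit status means the plug-in path is not the Apple symlink and the steps should be repeated.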

 

Please do not hesitate to contact our support team or your account manager if you have any further questions about the safety of our products.
