Oracle release Java 7 Update 11 to fix this security issue. Be sure to update: http://java.com/
Normally when I read about security vulnerabilities, I don’t really get a sense of urgency.
With the current Java vulnerability however, I do feel like people have to act quick because there are so many respected companies and even countries actively taking action:
- Apple has disabled the Java 7 plugin on Macs through its OS X anti-malware system, in order to protect users from a potentially serious security issue
- Cisco: New Java Vulnerability Being Exploited in the Wild
- Mozilla Security Blog: Protecting Users Against Java Vulnerability in FireFox
- United States Computer Emergency Readiness Team (US-CERT) suggests disabling Java
Apparently this vulnerability is actively being exploited already and Oracle hasn’t released a Java fix yet. You might want to consider a combination of the options below:
- Updating Intrusion Prevention System (IPS) signatures (Cisco signature)
- Uninstall Java (Windows | Mac OS X)
- Disabling Java only for web browsers
- Disabling Java in specific web browsers
Personally I like the way FireFox is handling the issue because it blocks by default, but allows users to easily override this behavior for specific sites. Also I’m getting quite fed up with all these Java security vulnerabilities lately
I’d like to know what you’ll be doing. Have you or are you going to disable Java ? Which methods will you use ? Why ?