What is Java?

Java is a computer language that allows programmers and application developers to write software that can run on many different operating systems.

Many applications and websites require end-users to have it installed. Websites incorporate Java applets (small applications) to enhance the usability and functionality of a website.

In general, when a user visits one of these websites, depending on their browser’s security settings, they may have no idea that the applet is automatically running.

End-users typically have “Java Runtime Environment” (JRE) installed on their computer. In many instances, this software was pre-installed on their computer.

More recently, this practice is becoming less common. If JRE is not installed on your computer, and you visit a website that requires JRE, generally, you will be prompted to install JRE.

What are the Risks?

Java is designed to work on almost any computer, but has been prone to numerous reports of vulnerabilities. Cyber criminals can create a single attack tool that can potentially hack almost any computer in the world.

According to the SecureList IT Threat Evolution Report released by Kaspersky Lab in May 2013, “The most widespread vulnerabilities are found in Java and [the vulnerabilities] were detected on 45% of all computers.” [source]

These attacks are based, at least in part, on older versions. When a newer version is released and installed on a machine, the older version may not automatically be uninstalled. This was intended to provide an easy way to roll back to an older version in case of compatibility issues.

Attacks can be used by hackers to leverage and to exploit the vulnerabilities that exist in those versions. This makes these weaknesses an attractive target for hackers and cyber criminals.

How Can I Mitigate This Issue?

Enable the automatic update feature, which will ensure you receive important security updates when they are released. Visit www.java.com/en/download/help/java_update.xml for instructions on turning on the auto-update feature.

Set the security level to “High” or “Very High.”

The most recent versions have the ability to manage when and how untrusted applications/applets will run. You can set the security level from within the Java Control Panel so that you are notified before any untrusted Java applications run. Visit www.java.com/en/download/help/jcp_security.xml for instructions on setting the security level.

Clear the Java cache periodically. This forces the browser to load the latest versions of web pages and programs. For more information visit www.java.com/en/download/help/plugin_cache.xml.

Do not allow applications from unknown publishers to run.

Remove older, unneeded versions. If a certain version is needed, determine what release level is needed and remove all versions prior to that. For more information visit www.java.com/en/download/faq/remove_olderversions.xml.

For More Information

For additional information visit:

• What is Java?
• Security Resources
• Uninstalling on Windows
• Uninstalling on Mac
• Disabling Your Browser’s Plugin

* Information reprinted from the Multi-State Information Sharing & Analysis Center.

 

 

Videos

[cleveryoutube video=”http://youtu.be/cYe6NyRqsOE” vidstyle=”1″ pic=”” afterpic=”” width=”600″ starttime=”” endtime=”” caption=”” showexpander=”off” alignment=”center” newser=”Java Security”]

 

[cleveryoutube video=”http://youtu.be/uQohuugCpeo” vidstyle=”1″ pic=”” afterpic=”” width=”600″ starttime=”” endtime=”” caption=”” showexpander=”off” alignment=”center” newser=”Java Security”]

 

Related articles

• Cyber criminals add new exploit for recently patched Java vulnerability to their arsenal
• Java 6 users vulnerable to zero day flaw, security experts warn
• Many firms vulnerable to Java 6 flaw, warns Qualys
• Java 6 0-Day Exploit in the Wild
• The no-patch Java 6 zero-day conundrum