
Check Before Updating Your Java

March 10, 2016 | May 26th, 2021 | Blog, Technology News

Software companies seem to be losing their longstanding battle with the hacking community. In a recent blog post, Eric P. Maurice, who is the director of Software Security Assurance for Oracle, reported a devastating new software vulnerability that, while somewhat complex to execute, can result in the complete compromise of a user’s system.

Designated CVE-2016-0603, this vulnerability manifests itself in the software’s installation routine: the installer you run could actually be malware in disguise. To get around this problem, the company, through Mr. Maurice, recommends that you delete any old copies of Java or the installer from your machine, visit Java.com to ensure that all previous versions have been completely removed, and get a guaranteed clean copy of the installer. He underscored the point that getting your installer from any other source could result in the total compromise of the user’s system.

This is a widespread, pervasive security flaw that impacts users of Java 6, 7 and 8. Users who currently have version 6 installed, and do not wish to upgrade to version 9, should install 6.113, which is the patched version of the software. Users of version 7 should either upgrade to version 8.73, which is patched, or version 9.
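As an added illustration (not part of Oracle's guidance or the original article), the following Python sketch finds leftover Java installers in a download folder and flags those older than the patched builds named above. The file-name patterns (for example `jre-8u71-windows-x64.exe`) and the reading of "6.113" and "8.73" as update levels 6u113 and 8u73 are assumptions; the sample folder is constructed.

```python
import re
import tempfile
from pathlib import Path

# Patched update level per major version, taken from the article
# (6.113 and 8.73). The article names no patched 7.x build, so every
# version 7 installer is treated as stale.
PATCHED_UPDATE = {6: 113, 8: 73}

# Assumed naming scheme: jre-8u71-windows-x64.exe, jdk-7u80-windows-i586.exe,
# JavaSetup8u66.exe. Adjust the pattern if your copies are named differently.
INSTALLER_RE = re.compile(r"^(?:jre-|jdk-|javasetup)(\d+)u(\d+).*\.exe$",
                          re.IGNORECASE)


def classify(filename):
    """Return (major, update, stale) for a Java installer name, else None."""
    m = INSTALLER_RE.match(filename)
    if not m:
        return None
    major, update = int(m.group(1)), int(m.group(2))
    if major > 8:
        stale = False
    else:
        # Majors without a patched build listed (7 and older than 6) are stale.
        stale = update < PATCHED_UPDATE.get(major, float("inf"))
    return major, update, stale


def find_stale_installers(folder):
    """List installer files under `folder` that predate the patched builds."""
    hits = []
    for path in sorted(Path(folder).rglob("*")):
        info = classify(path.name) if path.is_file() else None
        if info and info[2]:
            hits.append(path.name)
    return hits


def demo():
    # Constructed sample: empty files standing in for a Downloads folder.
    names = ["jre-8u71-windows-x64.exe", "jre-8u73-windows-x64.exe",
             "JavaSetup8u66.exe", "jdk-7u80-windows-i586.exe",
             "jre-6u113-windows-i586.exe", "report.pdf"]
    with tempfile.TemporaryDirectory() as tmp:
        for n in names:
            (Path(tmp) / n).touch()
        return find_stale_installers(tmp)


if __name__ == "__main__":
    for name in demo():
        print("delete and re-download from Java.com:", name)
```

Point `find_stale_installers` at a real download or software-share folder to get the list of files to delete before fetching a fresh installer.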

This revelation comes not long after Oracle made the announcement that it was planning to dump its Java browser plug-in entirely, due to numerous security issues with it. Of course, the plug-in itself won’t magically disappear. It is used by literally millions of web developers around the world, but given that support for it is disappearing, those who choose to continue designing their sites around its capabilities are on notice, as are people who use the plugin to view the content those developers create. In the absence of ongoing support, new security flaws won’t be patched when discovered, which makes surfing the web that much more dangerous.

The best course of action, if at all possible, is to steer clear of Java (including the plugin) until the most pervasive of the security flaws can be patched over. If that’s not possible, then at the very least, you’ll want to be sure your IT staff is on guard and watching for potential threats from this direction. If you have any questions or concerns about your company’s network, and its potential vulnerabilities, it never hurts to get an outside expert’s opinion. Contact a qualified independent network security consultant for a detailed analysis so you know where your weak points are, and what to do about them.

Jason Manteiga


Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over 20 years. He believes that having a great work environment and a supportive team is the ultimate key to success. In his more than 25 years in the IT realm, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor’s degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.
