Java gets 14 security fixes on 6/12/2012. Update now!
On June 12, 2012, Oracle released patched versions of its Java SE and FX software, patching 14 security holes. Oracle proudly proclaims that over 3 billion devices run on Java, so it's a reasonable bet that you use Java on some of your Internet capable digital devices. You may not even be aware that you have Java installed.
In case you didn't know, Java is the number one targeted browser plug-in in all of the current malware attack kits, distributed in spam email blasts. It is specifically targeted in the notorious BlackHole Exploit Kit, which I write about often.
The problem with running vulnerable versions of Java is that a successful exploit can cause a scripted attack to jump out of the safe area known as the "sandbox" in a browser and penetrate to the operating system. Once it gains access to the O.S., anything goes. This usually ends up with the PC, or smart-phone becoming botted, rooted (rootkit), Trojanized (e.g.: ZeuS banking Trojan, rogue anti-virus, ransom-ware) and used as both a spam sending and DDoS attack tool.
In the Patch Advisory for June, 2012, Oracle enumerates the software packages updated and the threats these patches fix. This patch affects the versions of Java (SE or JRE) used by most consumers in their browsers, as well as developer versions of Java. Oracle is quite clear in urging all users of affected versions of Java to upgrade as soon as possible. Here is a quote from the latest advisory:
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible. This Critical Patch Update contains 14 new security fixes across Java SE products.
Note: Java SE fixes in this Update are cumulative; the latest Critical Patch Update includes all fixes from the previous Critical Patch Updates.
Users running Java SE with a browser can download the latest release from http://java.com. Users on the Windows platform can also use automatic updates to get the latest release. Go to Start > Control Panel > View by: (change to) large icons ( or Classic View). If you have Java installed there will be an icon labeled Java. Click to open it and you can see the installed version on the opening tab, by clicking About Java. Updates can be scheduled or checked for on the spot under the Updates tab. I recommend scheduling daily checking for updates at a time when the computer is normally on. This way you won't miss a critical, sudden Java patch because the original setting was monthly.
Do not wait for exploit attacks before you patch Java. The latest versions in the patches are Java 6 - update 33 and Java 7 - update 5. Visit Java.com and click on the "Do I Have Java" button to see if you do have Java installed and active and which version it is. You will receive instructions for updating to the latest patched version for the operating system or device you are using when you go to that page. You can also download various versions of Java, from the Oracle SE Downloads web page.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.