On Tuesday Java plugins across the net got hit with a zero day exploit leaving thousands of systems infected, and even more vulnerable. The exploit took advantage of a loophole that allowed it to gain elevated permissions within a runtime environment. Normally to gain such permissions would require code signing and system or user authorization. As a result if a web browser equipped with a Java plugin visited a site containing the exploit, the host system of the browser could become infected with a variety of malware.
According to Oracle’s Security Alert for CVE-2012-4681 all systems running JRE 7 Update 6 and earlier are at risk. Those still running JRE 6 must also update to version 35 as all earlier versions are now listed as vulnerable. However, the exploit does not affect servers or standalone desktop apps, only web browsers.
To prevent intrusion from happening now, and in the future, there’s two steps to take. The first is to disable Java plugins for all of your web browsers. The second step is to manually update the Java runtime environment on your computer to build 1.7.0_07-b10 (Update 7) or newer.
The update can be found on Oracle’s website in the official Java download center. While at the site click the Download button under the JRE column of the Java Platform, Standard Edition.
From the Download list, select the one that matches the Operating System you’re using. If you’re unsure whether you are running 32-bit or 64-bit, check out this guide. If you’re running Linux, we’ll just assume you know.
Once the update downloads just run it and Click Install. It’s a one-click procedure, and it takes about one minute to complete.
Alright, hopefully this makes you feel more comfortable with your computer’s security! I know I feel a lot better not worrying about it anymore. With the update installed and plugins disabled, your system should be safe from Java exploits for the foreseeable future.