Java zero-day vulnerability that could result in your computer being infected simply by viewing a malicious webpage. Here is a link where you can test to see if you are vulnerable. Both links have instructions on how to disable Java in various browsers. Disabling Java won’t affect your ability to read or post on the SDMB.
Thanks–I meant to look into this earlier today, but got sidetracked.
I feel safer by not testing if I am vulnerable.
I have NoScript running on Firefox, and it won’t let the test work without permission; which I’m nervous about giving, actually.
NoScript will not protect you (much) from this Java exploit. Basically, if you are running an up to date version of Java (v. 7) you are vulnerable, and there is not expected to be a patch until October (though maybe this will be brought forward with all the publicity now).
It is easy enough to disable Java in Firefox: just go to the Add-ons/Plugins page and disable anything that refers to Java. It is not so easy in IE, apparently.
For most people, it is probably best just to uninstall Java, unless you have it for some non-web-related use. Few web sites use Java these days.
I tried to test but Chrome gives me an error:
Java™ was blocked because it was out of date.
With choices to Update or Run this time…
Sounds like I won’t be updating.
So I’ve got Java v 1.6_29 and am not at risk. Java is not going to automatically update to v 1.7 and put me at risk without my knowledge, is it?
IE 7 user.
How do I uninstall Java?
I had to check, but would have been surprised if I had Java enabled. I didn’t.
Click the links. Read them.
Java 1.7.07 is out.
It seems that Oracle has released a patch:
Oracle Security Alert for CVE-2012-4681 (discussion of patch)
http://www.oracle.com/technetwork/java/javase/downloads/index.html (download files)
I assume that this is also what beowulff’s link is providing.
I have to keep it installed because I have online forms/sites that require it <I think> but definitely have it disabled. And MSE found 3 Java Trojans on the 20th on it’s nightly run last week. (Sorry, can’t do proper smiles without Java, lol)
I am not sure? I updated my Java late last night (after reading about this issue on another site), and it still came up as vulnerable on the test site. I take it that the patch is brand new. Has it been integrated into the regular release yet?
In Windows, the easiest and surest way is to do it through uninstall programs in control panel. The instructions on those web pages are for disabling it from running in your browser (but leaving it on your machine in case it is needed for something else), which, it turns out, is not to hard to do in Firefox and probably in Chrome, but really difficult and complex in IE. I think very few people actually use Java for anything that is not browser based, and there are really not very web sites that use it now either, so just uninstalling is almost certainly OK.
On the other hand, from what Arnold and beowulff say, maybe the latest version is safe now (until some hacker discovers a newer vulnerability). I uninstalled last night, and I don’t think I am going to bother to put it back unless and until I have a real need for it.
Yep, and Dope smilies, as I just discovered (see above). Probably the drop-down menus at the top of the page, too.
Just in case there are people here who need Java and are going to update: You NEED to uninstall all of the older versions of Java before updating to the newest version. If you update to the newest version without uninstalling the previous versions, the older versions and their vulnerabilities will remain on your system.
I just went to uninstall and saw that I have JavaFX as well as Java. Is that part of what needs to be uninstalled before the new install? (This is on my PC laptop running Windows 7, in case that’s relevant in any way.)
I will only agree with this if you insert “client-side” in there before “web technology”.