Java 7 Security Vulnerability Discovered, Here’s How To Protect Yourself
A new potentially dangerous Java security vulnerability has been discovered that could allow malicious code to run on a Java-enabled computer, be it a Mac or Windows PC. Most Mac users will be safe from the vulnerability because OS X Mountain Lion does not include Java by default, and OS X Lion includes an older version of Java that is not vulnerable to the exploit. That said, if you have recently updated Java or installed it manually in OS X Mountain Lion, you’ll want to double-check which version you have. Yes, Oracle will release an update to resolve the issue, but for the time being take a few basic steps to protect yourself by disabling Java either system-wide or in your web browser of choice.
- Java SE 7 (1.7) is vulnerable
- Java SE 6 (1.6) or lower is safe
Here is exactly how to check if you are vulnerable, plus how to disable Java and protect yourself.
Check Which Version of Java is Installed (If Any)
There are two easy ways to determine which version of Java is installed in OS X: one uses the GUI and the other uses the command line.
Check Version of Java Installed Using Java Preferences
- Open the Applications folder and then open Utilities
- Double-click on “Java Preferences”
- Find the Java version under Name and Version, e.g. Java SE 6
If you don’t have Java Preferences installed, that means you don’t have Java installed either, which indicates you are safe. If you see “Java SE 6” you are also safe; if you see “Java SE 7” you need to act.
Check Version of Java Installed Using Terminal
- Launch Terminal, found in /Applications/Utilities/
- Type the following command exactly
- If you see java version “1.7” you need to act; if you see java version “1.6” or lower, you are safe
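The Terminal check and the 1.7 / 1.6 rule above, as an added shell example that is not from the original article: it reads the output of `java -version`, and the function names and sample version strings are constructed for illustration. The article does not say which 1.7 build carries Oracle's fix, so every 1.7 build is reported as needing action.

```shell
#!/bin/sh
# Added example: apply the article's rule (1.7 = act, 1.6 or lower = safe)
# to the output of `java -version`. Function names are illustrative.

# Pull the quoted version string out of `java -version` output,
# e.g. 'java version "1.7.0_06"' -> 1.7.0_06 (constructed sample).
extract_java_version() {
    printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1
}

# Map a version string to one of: vulnerable | safe | unknown.
classify_java_version() {
    ver=$1
    major=${ver%%.*}          # text before the first dot
    rest=${ver#*.}            # text after the first dot
    minor=${rest%%.*}         # second component, e.g. 7 in 1.7.0_06
    # Anything that is not two numeric components is out of scope.
    case "$major" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    case "$minor" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    if [ "$major" -ne 1 ]; then
        echo unknown          # numbering scheme the article does not cover
    elif [ "$minor" -eq 7 ]; then
        echo vulnerable       # Java SE 7: disable Java or install the fix
    elif [ "$minor" -le 6 ]; then
        echo safe             # Java SE 6 or lower
    else
        echo unknown          # releases the article does not cover
    fi
}

# Check the Java found on PATH, if any. Always returns 0.
check_installed_java() {
    if ! command -v java >/dev/null 2>&1; then
        echo "java not found on PATH: nothing to disable"
        return 0
    fi
    # `java -version` writes its banner to stderr, so merge it into stdout.
    out=$(java -version 2>&1 </dev/null) || true
    ver=$(extract_java_version "$out")
    echo "detected: ${ver:-none} -> $(classify_java_version "$ver")"
}

check_installed_java
```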
Protecting Yourself: Disable Java System-Wide in Mac OS X
You may recall that disabling Java was the number one tip we suggested when protecting a Mac against viruses and trojans. That’s because the majority of security problems that have affected Macs lately come from Java. If you haven’t done that yet, here’s how to do it now:
- Open “Java Preferences” from /Applications/Utilities/
- Uncheck “Enable applet plug-in and Web Start applications”
- Uncheck “ON” next to Java SE
Disable Java Per Web Browser in OS X
If you don’t want to disable Java everywhere because you need it for something like Eclipse or Minecraft, disable it on the web browser you use instead.
Disable Java in Safari
- Pull down the Safari menu and select “Preferences”
- Click the “Security” tab and uncheck the box next to “Enable Java”
Disable Java in Chrome
- Type “chrome://plugins/” into the URL bar, locate Java and click disable
Disable Java in Firefox
- Open Firefox Preferences and under the “General” tab click “Manage Add-ons…”
- Select “Plugins” and find Java (and/or Java Applet), click the Disable button
These are the recommended steps to take to protect yourself, and though they’re geared towards Mac OS X, you should find that disabling Java in web browsers is the same in Windows too.
We’ll post an update when an updated version of Java is released that addresses the security issue.
Update: Oracle has released a fix for the Java 7 vulnerability; you can get it directly from Oracle here.