To take advantage of new capabilities in the SDK, users are encouraged to move to the latest version. Disable Java if you don’t need it, turn it off in your browsers if you don’t need it there, or only use it under controlled circumstances if you don’t have a choice.These downloads are intended for established users, and contain the latest IBM fixes and Oracle updates to the Java SE application programming interfaces (APIs). Thus I’d recommend that all users protect themselves, even if you aren’t currently at risk. But, as we’ve seen with Flashback and this recent attack, Java remains a prime target.
#Runtime java for mac software#
I keep a baseline snapshot of my virtual machines, and revert to those after any risky activity.įor once, being a software version behind worked to the advantage of Mac users, and nearly no Mac users are really at risk from the latest Java exploits.
#Runtime java for mac windows#
I run VMWare Fusion ( ) (and sometimes Parallels Desktop ) and frequently use Windows virtual machines for visiting those non-Mac-compatible websites I sometimes need for work (again, usually old webcast systems). (I actually run it in Firefox, as another layer of protection, but I’m a raging security geek).Īnother option is to access Java sites only from inside a virtual machine. It’s easier to remember than installing a tool like NoScript which blocks Java on individual pages, but which many non-techie users find cumbersome. For me, I mostly need Java for presenting webcasts, so when I hit a site I must use that requires Java, I use my backup browser.ĭisabling Java in your day-to-day browser and having a second browser for Java needs isn’t perfect, but it does offer a lot of protection. Whichever browser you choose as your secondary one, you should use it only when you know you need to use Java and you are going to a website you know. (I also use Safari for development testing, so I keep it disabled on that). This protects me as I browse around the Web.
I almost never use Firefox, but I still have it installed and Java is enabled in it. For example, I use Chrome as my primary browser, and I disabled Java in it.
Third, pick a secondary browser that you never normally use and re-enable Java in it. Next, re-enable Java applet support in the Java Preferences application (or wait for your Mac to automatically prompt you the next time you need it). In Firefox go to Tools > Add Ons > Plugins and uncheck Java Plug-In. In Safari, go to Safari > Preferences and uncheck Enable Java on the Security pane. In Google Chrome type chrome://plugins in the address bar and click the link to disable Java. Even if you turned it off in Java Preferences, this will keep it from running if you ever change that setting (which we are about to do). (My money is on early release.)įirst, manually disable Java in your Web browsers.
#Runtime java for mac update#
Only time will tell if the company will break its quarterly patch cycle and release an emergency update sooner. The exploit is also now available as an attack in the Metasploit penetration-testing framework, which is freely available and favored by script kiddies and security professionals (myself included) throughout the world.Īt this time, Oracle-which inherited Java when it acquired Sun Microsystems-has not commented on the exploits, although we now know that the company knew about the vulnerabilities since April and was planning to release a patch in its October update. The exploit for the first vulnerability was quickly added to the BlackHole exploitation kit-one of the most widely used malicious hacking tools.
indicated that the active exploit actually took advantage of two separate unpatched Java vulnerabilities (what we, in the industry, call zero-days). Further research by security vendor Immunity Inc. After FireEye’s initial post, details about the vulnerability quickly became public and exploits taking advantage of it appeared in multiple attack tools.
0 kommentar(er)
