January 18, 2013



K-State response to Java vulnerability

By Robert Vaile

Considerable media reports recently have focused on a commercial technology known as Java, which is integrated into the Web browser on most PCs, including Windows, Macs and Linux machines.

Java is a product of Oracle Corp., which recently issued an update to Version 7 of its code to address the security threats that the vulnerabilities may cause. Although further updates may be needed to completely address the threats, it is recommended that users download the update for added protection at http://www.java.com/download/.

Some government and industry spokespersons have recommended that Java be disabled in browsers, and Oracle provides a procedure to do so here: http://www.java.com/en/download/help/disable_browser.xml. However, users should recognize that Java is required in order to access many Web-enabled applications and services, including some on campus systems. Additional configuration settings and browser add-ons can be added to browsers to allow users more control of Java as needed. Speak to your system administrator for additional guidance.

For more technical information on the vulnerability see http://www.kb.cert.org/vuls/id/625617.