Microsoft: Update Java or kill it
Microsoft has decided is enough is enough: Java-based malware sees no end and it's time to do something about it. The software giant points to two type-confusion vulnerabilities (CVE-2012-0507 and CVE-2012-1723) that have been very actively exploited in recent months. Redmond thus wants you to do one of three things: update Java, disable it, or uninstall it.
First, some background. Type-confusion vulnerabilities are effective because they lead to a Sandbox compromise for Java. They occur when the type safety check in Java Runtime Environment (JRE) fails to verify wrong types supplied to instructions working with different types. If the classes' type safety is broken, you can access some methods that are not supposed to be opened to processes outside of the class. As a result, Microsoft's first recommendation is to update your Java installation. To check the version of JRE your browser is running, head over to java.com/en/download/installed.jsp and get the latest version.
- Wed, 2012-09-19 23:37
- Fri, 2012-03-30 00:51
- Thu, 2013-05-23 10:39