Dear Sleepless, It’s true. Here’s the link to the US-CERT alert: http://www.us-cert.gov/cas/techalerts/TA13-010A.html
Basically, someone found a way to get around Java’s built-in security. This means that if you click a link or go to a bad site that has been set up to hack visitors using this code they can make your computer do all kinds of things. The Java folks (Oracle) are working on an update to fix the vulnerability but it hasn’t been released yet. Since the exploit requires you going to a site that someone built specifically to hack people’s computers, if you stick to sites you know and trust, you should be fine. However, to be 100% safe you can disable Java until the update “fix” is ready. Instructions on how to do that can be found here: http://java.com/en/download/help/disable_browser.xml There is a constant battle between all of these various technologies and the jerks that try to find and exploit security holes. They’ll find an exploit, then Oracle will release an update that “closes” that particular hole. If you don’t update it you’re vulnerable to more exploits. Disabling Java won’t keep it from updating, it will just not allow java code (good or bad) to run. This might make some websites not work right if they need to use Java. You can always re-enable it as needed. ~Charlie |
