The Department of Homeland Security has issued a warning and a recommendation to disable Oracle Java 7 on desktop computers because it fears that vulnerabilities can lead to an attack that could infect computers, leading to identity theft, or enabling an attacker to download confidential documents.
How are you vulnerable? Well, just having Java on your desktop doesn’t mean you’re going to be immediately hacked. Users must first somehow be tricked into visiting a malicious web site that then runs a Java applet. The applet then is used to execute arbitrary code on your computer and thus potentially exposing it. Note that this vulnerability is only on end-user desktop systems, not on servers that may run Java.
What can you do? First thing to do is to update your version of Java to the latest, which Oracle has updated to patch the vulnerabilities. The latest version is Java 7 update 11. If you feel you must disable Java on your desktop, Oracle has detailed instructions.
If you use Biscom’s Secure File Transfer solution, which also uses a Java applet for handling file uploading and downloading, you don’t have to do anything other than what you do above. Using the BDS applet will not by itself cause you any issues or make you vulnerable. It is only when the user goes to a web site that has a malicious applet that a user may compromise the his or her system. If you do disable Java, BDS will continue to function and users will automatically switch from the applet to the standard file upload mechanism.
You can read more about the vulnerability here on Oracle’s site.
If you need assistance, please contact our support team at [email protected] or call us at 978-250-8355.