Java 6 end-of-life

June 21, 2013 jrivett Leave a comment

Oracle has quietly stopped updating Java 6, sort of. A page on the Java download FAQ site states that updates for Java 6 will no longer be publicly posted, and recommends upgrading to Java 7. Updates for Java 6 will still be available to customers who have support contracts from Oracle.

Switching from Java 6 to Java 7 is going to be a problem for anyone who uses Java-based software that is not yet compatible with Java 7. Large organizations with such Java 6 dependencies will either start paying for support (if they aren’t already), or deal with the consequences of allowing their Java 6 based software to become increasingly vulnerable. Smaller organizations and individuals with Java 6 dependencies who cannot afford to pay for Oracle support may want to consider switching to alternative software.

There’s likely to be a certain amount of backlash against this move. At the very least, if Oracle doesn’t back down from this stance, expect a ‘black market’ in Java 6 updates to start up fairly soon: people with access to the official Java 6 patches will make them available to the public. The main problem with this, besides annoying Oracle, is that nefarious persons are likely to use the need for Java 6 patches as a way to spread malware.

I predict that Oracle will relent; as long as they are still developing updates for Java 6, those updates will end up being publicly available.

Java, Patches and updates, Security

Major Java update fixes 40 vulnerabilities

June 19, 2013 jrivett Leave a comment

Oracle has released a new version of Java that addresses a large number of vulnerabilities. This is a scheduled “Critical Patch Update” (CPU) for June 2013.

This moves Java 7 from Update 21 to Update 25 (1.7.0_21 to 1.7.0_25).

Anyone using Java in a web browser should install this update immediately.

Adobe, Chrome, Flash, Google, Patches and updates, Security

Google Chrome 27.0.1453.116 released

June 19, 2013 jrivett Leave a comment

Yesterday, Google announced another new version of their web browser, Chrome.

The new version is 27.0.1453.116, and it includes a few security fixes, as well as the latest integrated version of Flash (11.7.700.225).

Adobe, Flash, Security

Flash clickjacking vulnerability not really fixed

June 18, 2013 jrivett Leave a comment

A Flash vulnerability supposedly already fixed by Adobe is still a problem in some browser/platform combinations. This clickjacking exploit works by hiding a Flash security dialog under other page content, enticing the user into unintentionally clicking the dialog and allowing remote access to the user’s camera and microphone. Be careful what you click!

Java, Patches and updates, Security

Major update for Java coming today

June 18, 2013 jrivett Leave a comment

Oracle has announced an update for Java that is scheduled for release later today. The new version will fix a whopping 40 security vulnerabilities in current versions of Java, with 37 of those being remotely exploitable without authentication.

Adobe, Chrome, Flash, Google, Patches and updates, Security

New version of Chrome with latest Flash

June 12, 2013 jrivett 1 Comment

Google has announced a new version of Chrome with the latest updates to Flash. The new version of Chrome will contain Flash version 11.7.700.225.

At this time, the update has not yet become available for download.

Adobe, Flash, Patches and updates, Security, Windows

Update for Adobe Flash

June 11, 2013 jrivett Leave a comment

Adobe has just announced another Flash update. The new version is 11.7.700.224. As always, this update addresses “vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.”

The official bulletin has all the technical details. The runtime announcement has additional details.

An equivalent patch for Internet Explorer 10 on Windows 8 will be available from Microsoft Update. The new version of Flash in IE10 will be 11.7.700.224.

Google Chrome has also been updated to include a new version of Flash: 11.7.700.225. Chrome normally updates its own version of Flash automatically.

Update 2013Jun14: The Internet Explorer 10 Flash update is now available.

Internet Explorer, Microsoft, Patches and updates, Security, Windows

Patch Tuesday for June 2013

June 11, 2013 jrivett Leave a comment

This month there are five bulletins, addressing 23 vulnerabilities in Windows, Office and Internet Explorer. Only one (MS13-047, affecting Internet Explorer) is marked as Critical.

The bulletin summary has all the technical details.

Malware, Security

How your login credentials can be stolen

June 7, 2013 jrivett Leave a comment

An excellent post over at Duo Security reviews the seven methods used to steal your user IDs and passwords.

Unfortunately, aside from using strong, unique passwords, running anti-malware software, and being generally careful in one’s online activities, there’s not much an individual can do to protect oneself from these techniques. Most of the responsibility for protecting users is in the hands of the people who run the web sites that use your credentials. When they make mistakes, we all lose.

Actually, there is one sure-fire way to avoid these problems: just don’t use any online service that requires a password. Not too practical, but still better than getting rid of all your computers.

Internet Explorer, Microsoft, Patches and updates, Windows

Advance notification for June 2013 Patch Tuesday