Oracle Java 6 update 26 available now

Filed Under: Java, Malware, Oracle, Vulnerability

A little over three months since the last update to Java, Oracle has released Java 6 update 26 for Windows, Linux and Solaris.

This update addresses 17 security vulnerabilities and one non-security-related bug. All 17 vulnerabilities allow remote code execution without authentication.

Oracle has rated nine of the flaws as a risk of ten out of ten. All but one of the vulnerabilities affect the Java Runtime Environment client software that runs in your browser.

We have seen great success among attackers using flaws in Java to exploit Windows computers, but also a broader experimentation with building malware that will run on Mac and Linux.

Unfortunately, Mac users will have to wait on Apple to release an update to address these flaws, as Oracle does not provide Java for OS X.

Windows, Linux and Solaris users can download the latest Java from http://java.com/en/download/manual.jsp?locale=en.

If you haven't already, I recommend testing out your standard OS images without the Java plug-in. Most people aren't using Java these days and it reduces the attack surface for exploits delivered over the internet.

Don't confuse JavaScript with Java either; they are totally unrelated. Not installing the Java Runtime Environment (JRE) has no impact on your browser's ability to render web pages that require JavaScript.

If you require Java, be sure that you deploy this update. If you aren't sure, it may be worth testing your images without it. The less software plugged into your browser, the harder it is for malcontents to exploit your users.
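One way to check a fleet against this advice, as an added example that is not part of the original article: the script classifies each host's `java -version` output relative to Java 6 update 26. The host names and sample banners are constructed, and collecting the output from each machine is assumed to happen elsewhere.

```python
import re

# Minimum patched build named in the article: Java 6 update 26.
MIN_UPDATE = 26

# First line of `java -version` in the legacy 1.x scheme, e.g.
#   java version "1.6.0_24"
# A missing _NN suffix means the initial release (update 0).
VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?[^"]*"')

def parse_java_version(banner):
    """Return (family, update) from `java -version` output, or None."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)

def classify(banner):
    """Classify one host's banner relative to Java 6 update 26."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "not-installed-or-unparsed"
    family, update = parsed
    if family != 6:
        # The article only covers Java 6; review other families by hand.
        return "other-family"
    return "needs-update" if update < MIN_UPDATE else "ok"

def audit(inventory):
    """Map each host name to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}

# Constructed sample inventory (hypothetical hosts, illustrative banners).
INVENTORY = {
    "ws-01": 'java version "1.6.0_24"\nJava(TM) SE Runtime Environment (build 1.6.0_24-b07)',
    "ws-02": 'java version "1.6.0_26"\nJava(TM) SE Runtime Environment (build 1.6.0_26-b03)',
    "ws-03": "'java' is not recognized as an internal or external command",
    "ws-04": 'java version "1.6.0"',
    "srv-01": 'java version "1.5.0_22"',
}

if __name__ == "__main__":
    for host, status in sorted(audit(INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `not-installed-or-unparsed` are the ones already running without Java, which is the configuration the article suggests testing.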


6 Responses to Oracle Java 6 update 26 available now

  1. Mich071 · 1202 days ago

    I run Win 7. I removed Java runtime a couple of years ago. Now my AVs do not pop up all the time telling me I'm infected. I play games, watch movies, use MS Office and surf all over the net. I still haven't encountered any probs from not having it so I truly do not know what it is used for. All I know is I don't get infections any more and I can thank dumping Java for it. Excellent advice on your part.

    • GHS · 1199 days ago

      If you run Microsoft EMET 2.1 and add the java exe's to the program, you will no longer have those problems. EMET is a tank, and (up to now) rock solid.

  2. Carol875 · 1202 days ago

    I teach online using Blackboard's WebCT Vista learning management system, and it unfortunately requires Java. :-(

  3. Joe77 · 1202 days ago

    Consider Java runtime a spyware or a magnet for dubious software. It is not a good piece of software, and yet these companies disguised us for years to depend on it. Well, they are wrong... I dumped W7 a while ago for OS X and I haven't had any problems with Java in that fashion. The less we use middleware Java, the less the malware problem we will have in the future.

    • Jim Mack · 1202 days ago

      You may be better advised to consider the Windows OS and Adobe Flash and Adobe Reader magnets for dubious software, spyware and lots of other baddies. Java is actually a runtime that allows the same software to run on different platforms. It is used to write software for all manner of applications and devices. You'd be surprised! Don't be lulled into thinking that just because you uninstalled Java you can now relax . . .

      • Chester Wisniewski · 1202 days ago

        I agree Jim. Anything that you can get rid of reduces your risk though. If you can remove Flash and Reader, go for it! Quality security software that is up to date, an up to date OS and the least number of up to date applications is ideal.

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.