Sun Systems released an uncharacteristic emergency update today after a vital security flaw was discovered by a Google researcher last week. While the release notes don’t specifically mention the flaw, Java 6 Update 20 does correct the security hole.
The vulnerability in question is a “drive-by download” flaw, which allows websites to download files onto your computer just by visiting the site. This means that viruses, spyware, and malware could be downloaded and installed on your system without so much as a click from you. Such holes in security often bypass important safety features in anti-virus, anti-spyware, and firewall software.
Upgrading to Java 6 Update 20 is fast, free, and highly recommended. Several websites have already been created to take advantage of this flaw, and as long as you are using the older version of Java you are vulnerable.
To download the new version of Java, visit http://java.sun.com/javase/downloads/index.jsp and click the download button for JRE. Java Run Environment is the software required to run Java applications on your computer. The JRE button is located below the button to download JDK, which you do not need unless you are a developer of Java applets. You then can choose either the online or offline installer. After you start running the installer, you will be asked if you would like to install the Yahoo or Bing toolbar as well. This product is not necessary to run Java and isn’t recommended for most users, so make sure to uncheck that box before you proceed with the installation process unless it’s something you’re particularly interested in having on your browser.
If that seems a little complicated to you, or if you want to get your system checked out to make sure you haven’t already become a victim of one of these drive-by downloads, you can make an appointment with a Computer Geeks technician today. We can clean out any malware on your system, get the new version of Java installed, and even check for important security patches for other programs that you may have missed.