Skip to Navigation | Skip to Content

1-14-2013: [UPDATE] Active Zero-Day Java Exploit

« Connect-Direct, December 2012 | Main | Active exploits against Acrobat, PDF Reader (2/14/13) »

A newly discovered zero-day exploit for Java 7 Update 10 is being used by attackers to remotely execute malicious code on vulnerable computers. *UPDATE* As of 1/14/2013, there is a security patch to protect computers against this exploit. You may download it here: Java 7 RU11. Note that there are unresolved vulnerabilities in Java and it is recommended that you disable it if you do not need it.

Most websites and web applications do not require Java, therefore it is possible to disable it without causing any impact to your web browser's functionality. However, because Java is a well-known computing platform used on some websites, disabling it may cause certain web applications to stop working.

At NYU, certain web applications require Java, so disabling it may prevent access to these sites or cause performance stability issues. If you are unsure if disabling Java will affect access to certain web applications, contact your local IT support.

Do the following steps to protect yourself against this attack:

  • Find out if you have Java installed on your computer by visiting Java.com
  • If you do not have Java installed, then you do not need to take any action.
  • If your computer is running Java and you wish to disable it, visit the Java website
  • If your computer is running Java and you require it for accessing certain web applications, make sure to download the latest version, Java 7 RU11, here here.
  • After you've updated Java to the latest version, make sure to heed TSS's security recommendations to reduce the possibility of your computer becoming infected. Check back regularly on the US-CERT website for the latest information regarding this vulnerability.

If need further assistance, contact your local IT support or contact the IT Service Desk, open 24x7x365. In New York, call 212-998-3333; in Abu Dhabi call 02-628-8888. For full contact information at all NYU global sites, see www.nyu.edu/its/askits/helpdesk.

NYU TECHNOLOGY SECURITY SERVICES