This evening, we will be releasing an update to all College computers (Macs and Windows) to address a number of significant vulnerabilities in Java. The following will be impacted:
- Firefox will be updated to the most recent version.
- Java will be updated to the most recent version.
- Adobe Flash and Adobe Reader will also be updated.
- Java will remain installed but will be disabled – on Windows machines, it will be disabled only in the browser; on Macs it is necessary to disable it completely.
- Instructions will be posted for re-enabling Java if you need to do so.
- If you use another browser, you should ensure it is updated. IE and Safari for Mac are updated as part of your Operating System updates – please make sure that you have run these recently.
Some of you may be aware of recently reported vulnerabilities in Java, including advisories from the Department of Homeland Security. As recently as today, there are reports of continued vulnerabilities, despite multiple patches. Vulnerabilities in Java are currently being exploited to gain unauthorized access to both Mac OS X and Windows computers, often via seemingly innocuous Web sites. While the newest version has made progress in attempting to increase the security of its web plugins, this is not the first time Java has had significant troubles in the recent past, most notably the invasion of over half a million Macs last April. Experts aggressively recommend disabling Java’s browser plugins, or if possible, uninstalling the program altogether.
Java is on most computers as it is used for some local workstation software and sites around the Web. Although Java has had a history of flaws, we have resisted disabling it due to its use in sites and software important to our community. Two things have changed — sites and software have been moving away from Java as a “client-side” technology, and the vulnerabilities have been growing worse.
While Sophos, our Anti-Virus/Anti-Malware software, can defend against many of these attacks, relying solely on this is inadvisable. In recent weeks, manufacturers of many browsers (such as Firefox and Chrome) have chosen to disable the Java plug-in when they update. You may find it has already been disabled for you as part of a browser update.
If you find you do need Java (for example, if you use some features of ArtStor), you can enable it. You should only enable Java if you do need it.
What does this mean for me?
After 5pm today, the next time your computer communicates with Bryn Mawr’s network while on campus, your machine will receive the updates listed above. As large security patches for this software are released, Information Services will continue to do its best to help protect your machine from unauthorized access. You may be notified that required software needs to install, and in rare cases your computer may ask to restart.
If you are off-campus, we advise that you update your browsers and Java, especially if prompted to do so – the automated update we are providing will run only if you are on campus or have been to campus today with your computer. When you do return to campus and use your computer, this update will run at that time.
As noted above, if you find that you need Java, you can enable it. Instructions can be found here.
What about my home computer?
Please be sure that you have recently run your Windows or Mac OS X updates, that you have updated whatever browser or browsers you are using at your home, and that you are running current Anti-Virus software (both on Windows and on Macs). We also suggest updating and disabling Java.
If you don’t have Anti-Virus software, some options are available on our software downloads page.
If you need to know how to disable Java, try these instructions.
If you think your computer has been infected, please make use of our Personal Computer Service or visit a local repair center or technician in your area.