Java Vulnerability

There is a security vulnerability in Oracle Java 6 & 7 that may present a security threat to your computer. Java 7 is the latest release of a programming language and computing platform used as the underlying technology that powers state-of-the-art programs including utilities, games, and business applications on personal computers and billions of devices. Java 6 was the previous version that is still in use for some applications.

For users with computers provided by MCIT (CoreImage):

MCIT is aware of the vulnerability and is taking measures to automatically patch those CoreImage workstations with Java 7 to release 2. CoreImage customers do not need to manually upgrade their Java software. Any customer on Java 6 should remain on this version. If you have any questions, please contact the MCIT Service Desk at 936-8000.

CoreImage workstations usually have a TermID tag on the exterior of the computer. If you are uncertain whether you are using a CoreImage workstation, please visit the CoreImage page for more information.

Have Questions or Need Help?

If you would like assistance resolving this security issue on non-CoreImage workstations, please contact MSIS in one of the following ways:

- Email: msishelp@umich.edu
- Phone: 734-763-7770

Our technicians are prepared to assist with testing to see if your computer is vulnerable and to apply the appropriate patches and remediations. For conference rooms with permanent computers or other departmental equipment that you would like us to manage, please include that information when contacting MSIS.

Contents

- How do I know if I am affected (Macintosh OS X only)?
- What do I do?
- Disable Java in Unused Browsers
  - Macintosh OS X: Chrome, Firefox, Safari
  - Windows: Chrome, Firefox, Internet Explorer 7, Internet Explorer 8 or 9, Safari
- Install Oracle Java 6 & 7 Updates
  - Macintosh OS X
  - Windows

How do I know if I am affected (Macintosh OS X only)?
This issue affects Java 7 (prior to release 21) and Java 6 (prior to release 45) provided directly by Oracle, so first determine which version of Java you are using on your Macintosh OS X based computer.

1. Click on the Apple in the upper left corner of the screen and select System Preferences...
2. In the System Preferences window, if Oracle Java is installed on the workstation, there will be an icon for Java under the heading Other in the last row of icons.
   - If the Java icon is not present, then the Java plug-in is one supplied by Apple and no action needs to be taken. The workstation is not affected by the current security vulnerability.
   - If the icon is present, then the plug-in is supplied by Oracle. Proceed to the What do I do? section.

What do I do?

The specific procedures for addressing the vulnerability are listed in the next sections for each operating system and will guide you through the following processes:

- Installing updates as described by Oracle
- Disabling Java in unused browsers
- If Java is needed, enabling one primary browser for use with trusted sites

Before selecting a procedure, perform the following steps:

1. Identify which browser to use with trusted sites if Java is needed.
2. For the browsers you are not using, use the following instructions to determine what version of Java they are running and disable it if needed:
   - Chrome: Mac
   - Firefox: Mac
   - Internet Explorer 7: n/a
   - Internet Explorer 8 or 9: n/a
   - Safari: Mac
3. For the one primary browser you will be using, updating Java in the operating system should also update the plug-ins used by the browser. All browsers should be shut down before running the update.
4. Monitor your email for future updates from MSIS regarding this security vulnerability.

Disable Java in Unused Browsers

Macintosh OS X

Chrome

1. Launch Chrome.
2. In a Chrome window, to the right of the address bar, select the Chrome Menu button and then select Settings.
3. At the bottom of the settings menu, click the Show advanced settings... link. When the menu expands, under the Privacy heading, click the Content Settings... button.
4. When the Settings window appears, scroll down and locate the Plug-ins group. At the bottom, click the Disable individual plug-ins... link.
5. When the plug-ins page displays, scroll down the list and locate Java(TM). Click the disable link.
6. Java is now disabled in Chrome. Close the open settings windows.

Firefox

1. Launch Firefox.
2. In a Firefox window, go under the Tools menu and select Add-ons.
3. In the column on the left, select the Plugins option. Scroll down the list and locate Java Applet Plug-in Java 7 (usually accompanied by an update or version number) and, if it is enabled, click the Disable button. If the button displays Disable, do not click the button to leave it as disabled.
4. Quit Firefox by going under the Firefox menu at the top of the screen and selecting Quit. Launch Firefox again to now run the browser with Java disabled.

Safari

1. Launch Safari.
2. Go under the Safari menu and select Preferences...
3. In the preferences window, click the Security icon. Uncheck the Enable Java box.
4. Quit Safari by going under the Safari menu at the top of the screen and selecting Quit. Launch Safari again to now run the browser with Java disabled.

Windows

Chrome

1. Launch Chrome.
2. In a Chrome window, to the right of the address bar, select the Chrome Menu button and then select Settings.
3. At the bottom of the settings menu, click the Show advanced settings... link. When the menu expands, under the Privacy heading, click the Content Settings... button.
4. When the Settings window appears, scroll down and locate the Plug-ins group. At the bottom, click the Disable individual plug-ins... link.
5. When the plug-ins page displays, scroll down the list and locate Java(TM). Click the disable link.
6. Java is now disabled in Chrome. Close the open settings windows.

Firefox

1. Launch Firefox.
2. In a Firefox window, in the upper left, click on the red Firefox button and then, from the right-hand column, click Add-ons.
3. In the column on the left, select the Plugins option. Scroll down the list and locate Java(TM) Platform SE 7 (usually accompanied by an update or version number) and, if it is enabled, click the Disable button. If the button displays Disable, do not click the button to leave it as disabled.
4. Close any open Firefox windows. Launch Firefox again to now run the browser with Java disabled.

Internet Explorer 7

1. Launch Internet Explorer.
2. In an Internet Explorer window, on the right-hand side of the window under the Search box, click the Tools menu, select Manage Add-ons, and then select Enable or Disable Add-ons.
3. The Manage Add-ons window will display with a list of currently loaded add-ons. Scroll down the list and locate any Java(tm) entries (if loaded, there will be more than one Java plug-in listed). Click a Java(tm) entry to highlight it and then, in the Settings box, select the Disable option.
4. The selected Java(tm) entry will move from the Enabled category to the Disabled category. Repeat the process for other Java(tm) entries. Once the entries have been disabled, click the OK button. Close any open Internet Explorer windows. Launch Internet Explorer again to now run the browser with Java disabled.

Internet Explorer 8 or 9

1. Launch Internet Explorer.
2. In an Internet Explorer window, on the right-hand side of the window under the Search box, click the Gear icon and select Manage add-ons.
3. The Manage Add-ons window will display with a list of currently loaded add-ons. In the Add-on Types column on the left, select Toolbars and Extensions. Locate and highlight the Java(tm) entries. In the lower right corner, click the Disable All button. Click the Close button and then close any open Internet Explorer windows. Launch Internet Explorer again to now run the browser with Java disabled.

Safari

1. Launch Safari.
2. Go under the Safari menu and select Preferences...
3. In the preferences window, click the Security icon. Uncheck the Enable Java box.
4. Quit Safari by going under the Safari menu at the top of the screen and selecting Quit. Launch Safari again to now run the browser with Java disabled.

Install Oracle Java 6 & 7 Updates

Macintosh OS X

1. Confirm all browsers are shut down before running the update.
2. Click on the Apple in the upper left corner of the screen and select System Preferences...
3. In the System Preferences window, under the heading Other in the last row of icons, double-click the Java icon.
4. Once the Java control panel loads (it may take a few minutes), select the Update tab.
5. If an update is available, an Update Now button will be present. Click the Update Now button and let the update download. Once the download completes, the button will change to Install and Relaunch. Click the button and wait for the Java update to be installed. After installation, this cycle may need to be repeated since Java may be several releases behind. Proceed to the next step once the panel indicates the system has the recommended version of Java.
6. To keep Java up to date, confirm the Check for Updates Automatically box is checked before closing the window.

Windows

1. Confirm all browsers are shut down before running the update.
2. Access the Control Panel:
   - For XP: Click on the Start button, then select Settings, and then select Control Panel.
   - For Vista/7: Click on the Start button and then select Control Panel.
3. Launch the Java Control Panel by double-clicking the Java icon.
4. Click the Update tab.
5. Click the Update Now button.
6. Generally, follow the default prompts. However, if the Java installation asks if you want to install the "Ask" browser toolbar, UNCHECK the Install the Ask Toolbar and make Ask my default search provider box before continuing. Currently, this prompt may also appear during automatically installed updates. Always look for this option and uncheck the box if prompted for confirmation.
7. To keep Java up to date, confirm the Check for Updates Automatically box is checked before closing the window.

If the Ask toolbar is installed inadvertently, the toolbar can be removed using the instructions on the Uninstalling the Ask Toolbar page.
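
The affected-version rule from "How do I know if I am affected" (Java 7 prior to release 21, Java 6 prior to release 45) can be scripted for technicians checking several machines. This is an added shell example, not part of the original MSIS page; the function name java_update_status and the sample strings are constructed for illustration, and the check assumes the version string was reported by an Oracle-provided Java.

```shell
#!/bin/sh
# Added example: classify a Java version string against this page's thresholds
# (Java 7 before release 21, Java 6 before release 45).
# Assumption: the string was reported by an Oracle-provided Java.

# java_update_status STRING -> affected | updated | not-listed | unparsed
java_update_status() {
    v=$1
    # Accept a whole line such as: java version "1.7.0_17"
    case $v in
        *\"*\"*) v=${v#*\"}; v=${v%%\"*} ;;
    esac
    # Legacy numbering scheme: 1.<major>.<minor>[_<update>][-suffix]
    case $v in
        1.[0-9]*.[0-9]*) ;;
        *) echo unparsed; return 0 ;;
    esac
    major=${v#1.}; major=${major%%.*}
    case $major in
        ''|*[!0-9]*) echo unparsed; return 0 ;;
    esac
    update=0    # a string with no _<update> part is the initial release
    case $v in
        *_*) update=${v#*_}; update=${update%%[!0-9]*} ;;
    esac
    [ -n "$update" ] || { echo unparsed; return 0; }
    # Updates such as 07 or 09 carry a leading zero; strip it before comparing.
    while [ "${#update}" -gt 1 ] && [ "${update#0}" != "$update" ]; do
        update=${update#0}
    done
    case $major in
        7) limit=21 ;;
        6) limit=45 ;;
        *) echo not-listed; return 0 ;;   # the page names only Java 6 and 7
    esac
    if [ "$update" -lt "$limit" ]; then echo affected; else echo updated; fi
}

# Constructed sample strings (not taken from any real workstation).
for sample in 'java version "1.7.0_17"' '1.7.0_21' '1.6.0_07' '1.7.0' '1.8.0_05'; do
    printf '%-28s %s\n' "$sample" "$(java_update_status "$sample")"
done
```

To check a live machine, pass the first line of `java -version 2>&1` to the function. That command reports the Java found on the command-line path, which may differ from the plug-in a browser loads, so the browser steps above still apply.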