Alert: Java Vulnerabilities
Recently, Oracle released updates to correct the flaws in Java Version 7 that prompted the notice sent from Information Technology Services (ITS) on January 23. We have taken steps to install the latest updates to both Java 6 and 7 on all University-owned computers. Only computers that were listed in our software database as having a vulnerable version of Java 7 (1.7) received Java 7. All other computers received an update to Java Version 6 that corrects several issues. To date, no residual issues have been found with upgraded installations of Java 6 or Java 7. As an added security measure ITS has set all Java security settings to "High" and recommend that you do not execute any unknown Java applets outside of Loyola.
What Should I Do?
For your University-owned computer, you don’t need to do a thing, as ITS has completed the updates for you.
For your home computer, if you have Version 6 (1.6), the latest version is Java 6 (1.6) Update 41 and it is a safe update. If prompted by your computer, updating your Java version will introduce this new version level on your computer and correct any known vulnerabilities. The latest version of Java 7 is 1.7 Update 15. If prompted by your computer, it is safe to update to this version. Please note that updating to Java 1.7 Update 15 may remove all prior versions of Java including Java 6.
Please take the time to check your personal computers at home and update your Java version.
Why Should I do this?
Updating your Java version will add protections to your computer and prevent your computer from possibly being compromised. The malicious software installed through these attacks may collect usernames and passwords used on the compromised computer, including credentials for sensitive websites, bank accounts, e-mail etc.
Please be aware that if you do not have Java 7, there is no reason to install it at this time. There is a known issue with Java 7 that prevents users from accessing Kronos from Firefox browsers. If you have Java 7 on your computer, please use Internet Explorer for Kronos. Accessing Kronos with only Java 7 may result in 2 Security Warning messages. When presented with these messages click the “RUN” button. This will be followed by a Warning box. Click “Run with the Latest Version”. See below for more information.