UISO|Loyola University Chicago

UISO

searchform
This siteLUC.edu

Alert: Java Vulnerabilities

Synopsis


Recently, Oracle released updates to correct the flaws in Java Version 7 that prompted the notice sent from Information Technology Services (ITS) on January 23. We have taken steps to install the latest updates to both Java 6 and 7 on all University-owned computers. Only computers that were listed in our software database as having a vulnerable version of Java 7 (1.7) received Java 7.  All other computers received an update to Java Version 6 that corrects several issues. To date, no residual issues have been found with upgraded installations of Java 6 or Java 7.  As an added security measure ITS has set all Java security settings to "High" and recommend that you do not execute any unknown Java applets outside of Loyola.

What Should I Do?

For your University-owned computer, you don’t need to do a thing, as ITS has completed the updates for you.

For your home computer, if you have Version 6 (1.6), the latest version is Java 6 (1.6) Update 41 and it is a safe update. If prompted by your computer, updating your Java version will introduce this new version level on your computer and correct any known vulnerabilities. The latest version of Java 7 is 1.7 Update 15. If prompted by your computer, it is safe to update to this version.  Please note that updating to Java 1.7 Update 15 may remove all prior versions of Java including Java 6.

Please take the time to check your personal computers at home and update your Java version.

Why Should I do this?

Updating your Java version will add protections to your computer and prevent your computer from possibly being compromised. The malicious software installed through these attacks may collect usernames and passwords used on the compromised computer, including credentials for sensitive websites, bank accounts, e-mail etc.

Please be aware that if you do not have Java 7, there is no reason to install it at this time.  There is a known issue with Java 7 that prevents users from accessing Kronos from Firefox browsers.  If you have Java 7 on your computer, please use Internet Explorer for Kronos.  Accessing Kronos with only Java 7 may result in 2 Security Warning messages.  When presented with these messages click the “RUN” button.  This will be followed by a Warning box.  Click “Run with the Latest Version”.  See below for more information.

Java 7 (1.7) and KRONOS Time Card
 
In order to operate, Kronos Timecard requires the use of Java which has been known to contain vulnerabilities that expose computers to the installation of viruses. Most computers at Loyola and many home computers contain installation of Java version 6.  Oracle has since ended support for this version. The latest version of Java is version 7 release 15. Since the release of Java 7 release, 15 we have found, in some instances, that Java 6 was uninstalled from computers. This has resulted in security warning messages that are displayed when Kronos is executed.
When accessing Kronos with Java version 7 you may be presented with the following message:
 
This message is normal and is caused by the default security level setting in Java which is set to high. To continue, click run. You will again be presented with a similar message.
 
Click Run.
The last message you will receive is a warning that Kronos is requesting an old version of Java. This is because Kronos is set to look for Java version 6 and due to the installation of Java version 7 that application is no longer on your computer. To continue and to use Kronos click the “Run with the Latest Version” button.  Kronos will execute and you will be able to use it normally.
If you have any questions, please call the ITS helpdesk at 773-508-4487
 

Edit this page