{"id":985,"date":"2013-01-22T10:03:32","date_gmt":"2013-01-22T15:03:32","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=985"},"modified":"2020-02-26T18:56:07","modified_gmt":"2020-02-26T14:56:07","slug":"java-handle-with-care","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/java-handle-with-care\/985\/","title":{"rendered":"Java: Handle With Care"},"content":{"rendered":"

Software vulnerabilities are published every day, by the hundreds, and most users don\u2019t think much about them, aside from them time it takes them to update their software. But when it comes to flaws like the latest pair of vulnerabilities in the Java platform<\/a>\u2013which is installed on hundreds of millions of PCs\u2013users often are at risk for weeks or months without ever knowing it.<\/p>\n

Many users may not even realize that they have Java installed on their PCs. It typically comes pre-installed on new machines and it\u2019s one of the many applications and plug-ins that run in the background and escapes the notice of typical users. Java does not, however, escape the notice of attackers. It\u2019s one of their favorite targets, for a variety of reasons, not the least of which is the fact that it\u2019s installed on hundreds of millions of machines and has a slew of vulnerabilities.<\/p>\n

Once upon a time, Java was ubiquitous online and users needed to have it installed in order to browse the Web. But that\u2019s no longer the case, and users would do well do disable Java or uninstall it altogether. Security experts recommend that, unless you have a specific need for Java, you disable it, at a minimum.<\/p>\n

\u201cWe\u2019ve been telling folks to disable Java 10 times a year for the past couple of years now,\u201d HD Moore, a well-known security researcher, said. \u201cIt\u2019s really to the point where you should be telling people to keep it disabled all the time.\u201d<\/p>\n

Java vulnerabilities often are used in attacks known as \u201cdrive-by downloads\u201d in which exploit code for a given flaw is loaded onto a Web site and then used to take advantage of the vulnerability present in a user\u2019s browser. This happens in the background, without the user\u2019s knowledge, and the result is that malware ends up on the victim\u2019s machine and then can be used to steal information silently.<\/p>\n

The good news is that users of Kaspersky Lab\u2019s antivirus software<\/a> and security software have been protected against exploits for the latest Java vulnerabilities for several weeks, thanks to the Automatic Exploit Prevention technology.<\/p>\n

\u201cThe first appearance of the exploit\u2019s prevention in our KSN community seemed to be January 6th. But as we dig back further, we find related samples from mid-December. So, we have been preventing this 0day in particular for quite some time,\u201d Kurt Baumgartner, a Kaspersky Lab researcher<\/a>, wrote in an analysis of the recent attacks.<\/p>\n

If you\u2019re still running Java, the best advice is to ensure that your security software is up-to-date and that you are conscientious about updating Java whenever a new version is available.<\/p>\n","protected":false},"excerpt":{"rendered":"

Software vulnerabilities are published every day, by the hundreds, and most users don\u2019t think much about them, aside from them time it takes them to update their software. But when<\/p>\n","protected":false},"author":32,"featured_media":1011,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[266,267,268],"class_list":{"0":"post-985","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-java","9":"tag-pc","10":"tag-vulnerabilities"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/java-handle-with-care\/985\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/java-handle-with-care\/985\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/java-handle-with-care\/985\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/java-handle-with-care\/985\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/java-handle-with-care\/985\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/java-handle-with-care\/218\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/java-handle-with-care\/985\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/java-handle-with-care\/985\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/java\/","name":"java"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/985","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=985"}],"version-history":[{"count":3,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/985\/revisions"}],"predecessor-version":[{"id":15464,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/985\/revisions\/15464"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/1011"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=985"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=985"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=985"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}