If you’ve been following the news surrounding the latest Java 0-Day vulnerability, then you’re aware that it is already being exploited. You may also be aware that US-CERT has made an official recommendation that everyone disable Java in their web browsers until this vulnerability has been fixed.
Reality is, though, that end users won’t voluntarily make changes for the sake of security unless those changes are simple.
So here it is, folks: the simplest way to disable Java in all your web browsers at once.
- Open the Java Control Panel
- In Windows (7), go to Start > Control Panel
- In Mac OS X (10.7.3 and above), go to System Preerences > Control Panel
- Change View by: to Large icons, and then click Java
- Select the Security tab in the Java Control Panel, uncheck the box that reads Enable Java content in the browser, and click OK to save your changes
(On a side note, you may want to create a shortcut on your desktop to the Java control panel, just in case you need to find it again.)
Remember that keeping your operating system and your desktop applications fully patched will close these security holes as soon as a fixed is released. Secunia Personal Software Inspector (PSI) is great little app that will keep automatically update all of the programs on your home PC for you.
Stay safe out there!
UPDATE 1: I was contacted by a few readers who don’t have the Enable Java content in the browser option in their control panel. If this applies to you, chances are that you’re either running an older version of Java or that you have multiple versions of Java installed on your system.
You can check which versions are installed in the Java control panel by going to the Java tab and clicking the View… button.
If you see any versions of Java other than 1.7, please be aware that Oracle/Sun have announced that they’ll no longer issue public updates to these older versions as of February 2013. That means the next time a vulnerability comes out for those non-1.7 versions of Java, they won’t even try to patch it.
My recommendation? Uninstall the older versions of Java, reboot, and then go back into the Java control panel to disable Java in your web browsers.
I wish I could make it easier for you, folks. For all the cool things that Java enables us to do, it’s an absolute mess when it comes to both security and support. 🙁
UPDATE 2: Looks like Oracle has released ANOTHER update already. When I revisited this post, I realized I didn’t include a link for downloading and installing the latest version of Java. Sorry for the oversight.
To download and install the latest version of Java, visit Oracle’s official Java download site.