Important Security Alert-Java 7 (1.7) Vulnerability

Researchers have found a zero-day Java vulnerability that attackers are using to hijack computers on the web.

The bugs are in Java 7 also known as version 1.7 and affect Windows, Mac OS X and Linux operating systems running a Web browser with a Java plugin enabled.

Researchers are advising computer owners to disable Java in all browsers.  That would be the only solution, right now.  The flaws allow a remote attacker to execute code via a Java applet launched by a victim clicking on a link on a hacker’s website or on a hijacked site. The applet can run with the same permissions that the user would normally have.  It can do anything that you can do with your computer. It can upload documents, install keyloggers and backdoors, basically anything.

Information Services manages the Java version levels for all University owned computers.  We are currently running Java Version 6 (1.6) on University owned computers.  Please do not update your Java version.  Updating your Java version could cause other critical applications on University owned computers to stop working because of compatibility issues.  We are checking computers via inventory systems to detect if any University owned computer is running Java version 7 (1.7).

Please take time to check your personal computers at home.

If your University owned computer is running Java Version 7 (1.7) or if you suspect your University owned computer may have a virus, please contact the Customer Service Center ASAP via E-Mail csc@purduecal.edu or you can call them at extension 2888 Option 2.