Oracle has released a patch for Java which includes 51 fixed vulnerabilities in their popular JVM. It seems every month I marvel at just how many flaws are found in the damn thing.
I’ve said it repeatedly on the forums I frequent and have implemented just what I preach at the organization(s) at which I offer my services – uninstall Java and end the madness. Why?
Most websites have transitioned from using Java applets to more modern alternatives. I have a lot of bad things to say about other client-side technologies like Adobe Flash and AIR, but you could argue that at least the former of the two aforementioned technologies is still somewhat widely used (mostly for advertisements, so I don’t think you’ll miss it). Java, however, is well and truly dead.
The only circumstance I can see where one would actually want to have Java on their machines (and begrudgingly at that) would be to support software that requires the JVM – in which case you should at least disable your browser plugin and minimize your exposure. I realize there are also some proprietary web-based CRM tools (and so forth) that rely on Java. In these situations I recommend assigning a trusted zone to allow Java execution and disabling it for all sites outside the whitelist. This should be trivial to do on most browsers.
If you are still running Java and you don’t have a good reason, please heed my advice and uninstall the abomination now.