Skip to main content
  1. Home
  2. Computing
  3. News

Oracle says your old Java executable might install malware

By

Delete your old Java installers: they could be compromised.

If your downloads folder is a mess of installers and documents from ages past, you might occasionally check it before downloading a piece of software like Java. Oracle put out a statement Friday saying that those old installers might be compromised by files you’ve downloaded since, and that the only safe thing to do is delete the installer and download a fresh copy of Java.

Recommended Videos

The old installers are vulnerable to an exploit called binary planting, PC World is reporting. Older Java installers check the current directory and load up a number of DLL files, meaning any user who is tricked into downloading a malicious DLL could wind up giving attackers near total access to their computer.

Related

“If successfully exploited, it results in a complete compromise of the unsuspecting user’s system,” wrote Eric P. Maurice, Oracle’s software security assurance director, who further explained that actually taking advantage of the security hole would be difficult.

“To be successfully exploited, this vulnerability requires that an unsuspecting user be tricked into visiting a malicious website, and downloading files to the user’s system before installing Java 6, 7, or 8,” he said. It’s an unlikely sequence, but not impossible — especially considering the way files tend to cluster in the downloads file and overwhelm users.

Oracle has issued a patched installer that addresses the issue, but the firm can’t retroactively patch installers already on your computer. Oracle outlined the specific versions that were vulnerable: “Java SE users who have downloaded any old version of Java SE prior to 6u113, 7u97, or 8u73 for later installation should discard these old downloads and replace them with 6u113, 7u97, or 8u73 or later,” the notice from Oracle states.

But if you really want to protect yourself from these exploits, keep your downloads folder tidy. If you don’t recognize a file there, delete it, otherwise store it somewhere else. If that’s too much effort, consider dragging executables to their own folder before running them.

Topics
Justin Pot
Justin Pot
Former Digital Trends Contributor
Justin's always had a passion for trying out new software, asking questions, and explaining things – tech journalism is the…

Editors’ Recommendations

Intel Arc GPU users lose Deep Link features as support ends without notice
The back of the Intel Arc B580 graphics card.

Intel has quietly discontinued its Deep Link technology, the suite of features designed to enhance collaboration between its CPUs and GPUs. Notably, the confirmation did not come through an official announcement, but via a developer comment on a public GitHub thread, where an Intel representative acknowledged that Deep Link is “no longer actively maintained.”

Launched in 2020 alongside Intel’s push into discrete graphics, Deep Link aimed to improve performance and efficiency in systems combining Intel 11th, 12th, or 13th generation processors with Intel Arc GPUs. It bundled several features like Dynamic Power Share which redirected power between the CPU and GPU based on load, Hyper Encode that enabled multi-engine video encoding, and Stream Assist for offloading media tasks to the GPU during live streaming.

Read more
AMD CPUs should support CUDIMM memory soon, but not this generation
Official product render of the G.Skill Trident Z5 Neo memory for AMD.

AMD processors can't make full use of CUDIMM memory just yet, but it may well do before the end of this socket. In a recent interview with DigitalTrends, AMD's product management lead for gaming and workstations, Sourabh Dhir, told us that there was no reason that AM5 couldn't support CUDIMM, but wouldn't be draw on a timeline of when we might see it.

Considering we expect AM5 to be AMD's flagship CPU socket for the next couple of generations at least, that probably means we don't have long to wait for the added memory speed support.

Read more
Asus’ new RTX 5090 might be the most ridiculous GPU ever, and it costs $10,000
RTX 5090 Dhahab Edition.

It's no news that Nvidia makes some of the best graphics cards, and Asus is one of its most prominent partners. However, this time the company truly took things to the next level by launching an RTX 5090 that just might be the most ridiculous GPU I've ever seen. Prices range from $7,000 to over $10,500, and there's a good reason for that ... kind of.

The unique Asus ROG Astral RTX 5090 "Dhahab Edition" draws inspiration from the Middle East. In the announcement, Asus says that the card blends modern technology and cultural heritage, reflecting the rapid growth of the Middle East."

Read more