Skip to main content
  1. Home
  2. Computing
  3. News

Oracle says your old Java executable might install malware

By

Delete your old Java installers: they could be compromised.

If your downloads folder is a mess of installers and documents from ages past, you might occasionally check it before downloading a piece of software like Java. Oracle put out a statement Friday saying that those old installers might be compromised by files you’ve downloaded since, and that the only safe thing to do is delete the installer and download a fresh copy of Java.

Recommended Videos

The old installers are vulnerable to an exploit called binary planting, PC World is reporting. Older Java installers check the current directory and load up a number of DLL files, meaning any user who is tricked into downloading a malicious DLL could wind up giving attackers near total access to their computer.

“If successfully exploited, it results in a complete compromise of the unsuspecting user’s system,” wrote Eric P. Maurice, Oracle’s software security assurance director, who further explained that actually taking advantage of the security hole would be difficult.

“To be successfully exploited, this vulnerability requires that an unsuspecting user be tricked into visiting a malicious website, and downloading files to the user’s system before installing Java 6, 7, or 8,” he said. It’s an unlikely sequence, but not impossible — especially considering the way files tend to cluster in the downloads file and overwhelm users.

Oracle has issued a patched installer that addresses the issue, but the firm can’t retroactively patch installers already on your computer. Oracle outlined the specific versions that were vulnerable: “Java SE users who have downloaded any old version of Java SE prior to 6u113, 7u97, or 8u73 for later installation should discard these old downloads and replace them with 6u113, 7u97, or 8u73 or later,” the notice from Oracle states.

But if you really want to protect yourself from these exploits, keep your downloads folder tidy. If you don’t recognize a file there, delete it, otherwise store it somewhere else. If that’s too much effort, consider dragging executables to their own folder before running them.

Justin Pot
Justin Pot
Former Contributor
Justin's always had a passion for trying out new software, asking questions, and explaining things – tech journalism is the…
Topics
Your Firefox tabs can soon hold little notes just for you
Firefox adds tab notes so your 47 open tabs can stop judging you
Mozilla Firefox

If you are the type of person who has 50 tabs open and can’t remember why you opened half of them, Firefox might have just solved your problem.

Mozilla is quietly testing a new "Add Note" feature in the latest experimental version of the browser (Firefox Nightly). It’s super simple: you just right-click on any tab, hit "Add Note," and type a quick reminder to yourself. A little notepad icon then sits next to the tab title so you know there’s something there.

Read more
9 unexpected things I was able to do with ChatGPT (and a few you must try)
From interior design advice and , to vitamins insight and gym goals
9 unexpected things I was able to do with ChatGPT

ChatGPT has become a household name for writing emails, essays, and code – but its abilities go far beyond the obvious. 

With the latest updates, ChatGPT can now see images, browse the web, use specialized tools, and even act as an “AI agent” that carries out tasks for you. 

Read more
Drive meaningful ROI risk-free with MailChimp’s 14-day Standard Plan free trial
Transform how you connect with your audience with smart, automated marketing that drives serious results
Man sitting on chair holding a laptop, woman standing next to him

This post is brought to you in paid partnership with Mailchimp

Whether you're a creator, running a small business, or part of team looking to scale email marketing, MailChimp's Standard plan offers a combination of AI tools, automation, insights, and customization to boost growth.

Read more