Oracle says your old Java executable might install malware

Delete your old Java installers: they could be compromised.

If your downloads folder is a mess of installers and documents from ages past, you might occasionally check it before downloading a piece of software like Java. Oracle put out a statement Friday saying that those old installers might be compromised by files you’ve downloaded since, and that the only safe thing to do is delete the installer and download a fresh copy of Java.

The old installers are vulnerable to an exploit called binary planting, PC World is reporting. Older Java installers check the current directory and load up a number of DLL files, meaning any user who is tricked into downloading a malicious DLL could wind up giving attackers near total access to their computer.

“If successfully exploited, it results in a complete compromise of the unsuspecting user’s system,” wrote Eric P. Maurice, Oracle’s software security assurance director, who further explained that actually taking advantage of the security hole would be difficult.

“To be successfully exploited, this vulnerability requires that an unsuspecting user be tricked into visiting a malicious website, and downloading files to the user’s system before installing Java 6, 7, or 8,” he said. It’s an unlikely sequence, but not impossible — especially considering the way files tend to cluster in the downloads folder and overwhelm users.

Oracle has issued a patched installer that addresses the issue, but the firm can’t retroactively patch installers already on your computer. Oracle outlined the specific versions that were vulnerable: “Java SE users who have downloaded any old version of Java SE prior to 6u113, 7u97, or 8u73 for later installation should discard these old downloads and replace them with 6u113, 7u97, or 8u73 or later,” the notice from Oracle states.

But if you really want to protect yourself from these exploits, keep your downloads folder tidy. If you don’t recognize a file there, delete it; otherwise, store it somewhere else. If that’s too much effort, consider dragging executables to their own folder before running them.
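The cleanup described above can be scripted. The following is an added example, not code from Oracle or from this article: it flags Java installers older than the fixed updates in Oracle's notice and lists any DLLs stored in the same folder. The installer file-name pattern and the function names are assumptions.

```python
import re
import sys
from pathlib import Path

# First fixed update per Java SE family, from Oracle's notice quoted above.
FIXED_UPDATE = {6: 113, 7: 97, 8: 73}

# Assumption: installers keep Oracle's usual Windows file names, such as
# jre-8u66-windows-x64.exe or JavaSetup8u66.exe. Renamed files are missed.
INSTALLER_RE = re.compile(r"^(?:jre-|jdk-|javasetup)(\d+)u(\d+).*\.exe$", re.I)


def is_vulnerable_installer(name):
    """True if the name is a Java SE 6/7/8 installer older than the fixed update."""
    m = INSTALLER_RE.match(name)
    if not m:
        return False
    family, update = int(m.group(1)), int(m.group(2))
    return family in FIXED_UPDATE and update < FIXED_UPDATE[family]


def audit_folder(folder):
    """Report old Java installers and any DLLs stored in the same folder."""
    files = [p for p in Path(folder).iterdir() if p.is_file()]
    installers = sorted(p.name for p in files if is_vulnerable_installer(p.name))
    dlls = sorted(p.name for p in files if p.suffix.lower() == ".dll")
    # A DLL next to an old installer is the combination Oracle's notice describes.
    return {"installers": installers, "dlls": dlls,
            "at_risk": bool(installers and dlls)}


if __name__ == "__main__":
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path.home() / "Downloads"
    if not target.is_dir():
        sys.exit(f"not a folder: {target}")
    result = audit_folder(target)
    for name in result["installers"]:
        print(f"discard and re-download: {name}")
    for name in result["dlls"]:
        print(f"review this DLL: {name}")
    print("at risk" if result["at_risk"] else "no old installer beside a DLL")
```

Run it with a folder path as the only argument; with no argument it checks the current user's Downloads folder.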

Justin Pot
Former Digital Trends Contributor