Skip to main content
  1. Home
  2. Computing
  3. News

Oracle says your old Java executable might install malware

Justin Pot
By

java installer binary planting exploit oracle sign headquarters hq header
Ken Wolter/123rf
Delete your old Java installers: they could be compromised.

If your downloads folder is a mess of installers and documents from ages past, you might occasionally check it before downloading a piece of software like Java. Oracle put out a statement Friday saying that those old installers might be compromised by files you’ve downloaded since, and that the only safe thing to do is delete the installer and download a fresh copy of Java.

The old installers are vulnerable to an exploit called binary planting, PC World is reporting. Older Java installers check the current directory and load up a number of DLL files, meaning any user who is tricked into downloading a malicious DLL could wind up giving attackers near total access to their computer.

“If successfully exploited, it results in a complete compromise of the unsuspecting user’s system,” wrote Eric P. Maurice, Oracle’s software security assurance director, who further explained that actually taking advantage of the security hole would be difficult.

“To be successfully exploited, this vulnerability requires that an unsuspecting user be tricked into visiting a malicious website, and downloading files to the user’s system before installing Java 6, 7, or 8,” he said. It’s an unlikely sequence, but not impossible — especially considering the way files tend to cluster in the downloads file and overwhelm users.

Oracle has issued a patched installer that addresses the issue, but the firm can’t retroactively patch installers already on your computer. Oracle outlined the specific versions that were vulnerable: “Java SE users who have downloaded any old version of Java SE prior to 6u113, 7u97, or 8u73 for later installation should discard these old downloads and replace them with 6u113, 7u97, or 8u73 or later,” the notice from Oracle states.

But if you really want to protect yourself from these exploits, keep your downloads folder tidy. If you don’t recognize a file there, delete it, otherwise store it somewhere else. If that’s too much effort, consider dragging executables to their own folder before running them.

Editors' Recommendations

Top 10 Windows shortcuts everyone should know

An individual using a laptop's keyboard.

Twitter’s latest features are all about curbing election misinformation

Twitter's new election-specific features shown on a smartphone.

Microsoft’s emoji library goes open source

The design process of emoji.

The most common Microsoft Teams problems, and how to fix them

A close-up of someone using Microsoft Teams on a laptop for a videoconference.

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Elon Musk talks to the press as he arrives to to have a look at the construction site of the new Tesla Gigafactory near Berlin.

Cheap gaming laptop: Get the Dell G15 for $700 with this deal

Dell Gaming G15 Laptop on White Background

Google Stadia is experimenting with achievement-based demos

Google Stadia

SpongeBob SquarePants: The Cosmic Shake gets a reality-bending new trailer

SpongeBob with balloon Patrick and his friends

Lenovo’s cheap 2-in-1 laptop just got a 31% price drop

A Lenovo IdeaPad Flex 5 with 14-inch display sits open on a white background.

Inu-Oh review: A visually inventive anime rock opera

Tomona playing the biwa to a crowd in Inu-Oh.

Emily the Criminal review: Aubrey Plaza scores as a gig-economy hustler

Aubrey Plaza looks behind her in Emily the Criminal.

The 102 best movies on HBO Max right now (August 2022)

The cast of Kung Fu Panda.

How to hide the notch on the MacBook Pro and MacBook Air

The screen of the MacBook Air on a table.