Skip to main content
  1. Home
  2. Computing
  3. News

Oracle says your old Java executable might install malware

By
Add as a preferred source on Google

Delete your old Java installers: they could be compromised.

If your downloads folder is a mess of installers and documents from ages past, you might occasionally check it before downloading a piece of software like Java. Oracle put out a statement Friday saying that those old installers might be compromised by files you’ve downloaded since, and that the only safe thing to do is delete the installer and download a fresh copy of Java.

Recommended Videos

The old installers are vulnerable to an exploit called binary planting, PC World is reporting. Older Java installers check the current directory and load up a number of DLL files, meaning any user who is tricked into downloading a malicious DLL could wind up giving attackers near total access to their computer.

“If successfully exploited, it results in a complete compromise of the unsuspecting user’s system,” wrote Eric P. Maurice, Oracle’s software security assurance director, who further explained that actually taking advantage of the security hole would be difficult.

“To be successfully exploited, this vulnerability requires that an unsuspecting user be tricked into visiting a malicious website, and downloading files to the user’s system before installing Java 6, 7, or 8,” he said. It’s an unlikely sequence, but not impossible — especially considering the way files tend to cluster in the downloads file and overwhelm users.

Oracle has issued a patched installer that addresses the issue, but the firm can’t retroactively patch installers already on your computer. Oracle outlined the specific versions that were vulnerable: “Java SE users who have downloaded any old version of Java SE prior to 6u113, 7u97, or 8u73 for later installation should discard these old downloads and replace them with 6u113, 7u97, or 8u73 or later,” the notice from Oracle states.

But if you really want to protect yourself from these exploits, keep your downloads folder tidy. If you don’t recognize a file there, delete it, otherwise store it somewhere else. If that’s too much effort, consider dragging executables to their own folder before running them.

Justin Pot
Justin Pot
Former Contributor
Justin's always had a passion for trying out new software, asking questions, and explaining things – tech journalism is the…
Topics
Windows 11 is getting a new Screen Tint mode, and your eyes might thank Microsoft
Users can apply custom color overlays to reduce screen intensity and visual fatigue.
Windows 11 on a laptop

Microsoft is testing a new accessibility feature for Windows 11 called Screen Tint, and it could be one of those small additions that make a surprisingly big difference. Instead of changing your display's color temperature like Night Light, Screen Tint applies a customizable color overlay across the entire screen, making bright displays easier on the eyes during long work or gaming sessions.

A softer screen for tired eyes

Read more
Apple’s looking at a politically radioactive fix for the memory crisis, and the US government isn’t happy about it
Apple blamed memory costs for your price hike. Its proposed solution involves a Pentagon blacklist.
Apple Mac Mini on a Desk

A few days ago, Apple announced an ugly mid-cycle price hike, blaming the worsening-by-the-day memory crisis. According to the Financial Times, the company is now lobbying the government for approval to buy memory chips from a Chinese company. 

The company in question is CXMT, a Chinese chipmaker that the Pentagon added to its Chinese Military Company blacklist for alleged ties to the Chinese army.

Read more
As iPads get pricier, Motorola’s Pad 70 Pro arrives as a solid option… just not for US buyers yet
Great specs, a stylus in the box, and no US launch date: the Moto Pad 70 Pro sounds both impressive and disappointing.
Computer, Electronics, Laptop

If you don’t know about Apple’s recent price hike, which affected all the products in its lineup except the iPhone and Apple Watch (for now), you’ve got to be living under some sort of a rock. The revision made all the iPads much more expensive. 

Motorola, however, has just launched a 13-inch tablet that actually sounds good on paper. It’s called the Moto Pad 70 Pro, and it costs around $440 for the baseline model. The catch, however, is that the device isn’t available in the US yet. 

Read more