FLASH: If you’re using Java, update it
As we’ve noted in previous posts on this blog (see Java-based Malware and Anti-Virus, Is it Needed for the Mac?), Java has been and continues to be a gateway for malware to enter your system regardless of OS.
If you’re running Java, there is a serious flaw that could compromise your system. This flaw is only an issue with Java running within a browser (e.g., Internet Explorer, Safari, Chrome, etc), so standalone Java apps are not affected. It permits external access to data on your system without authentication, which is an exploit found in malware on some websites. It’s serious enough to cause the US Department of Homeland Security to issue a request users to temporarily disable Java. The good news is that Oracle has delivered a fix (yet again).
You have two choices. The safest choice is to simply disable it in any browser that you use. Here’s a good article from Gizmo giving directions for various browsers. Alternatively, you can disable its use in browsers via the Java control in the Control Panel (Windows) or System Preferences (Mac).
The other choice, assuming you need Java for some web-application that you run, is to update Java NOW. On the Mac, if you’re running Lion (10.7) or Mountain Lion (10.8), unless you’ve added Java to your system, it’s not installed. The same with Windows 7 or 8 (I don’t know about older versions).
To update it, go to the Java control in the Control Panel on Windows (for Windows 8, change view to icons from categories to easily see it) or click on the Java control under System Preferences for the Mac, then click on Update. If you can’t find the java control, then you don’t have Java installed and never mind.
For more information, go to the Java update page.