Slashdot Mirror


Java Installer Flaw Shows Why You Should Clear Your Downloads Folder (csoonline.com)

itwbennett writes: On Friday, Oracle published a security advisory recommending that users delete all the Java installers they might have lying around on their computers and use new ones for versions 6u113, 7u97, 8u73 or later. The reason: Older versions of the Java installer were vulnerable to binary planting in the Downloads folder. 'Though considered relatively complex to exploit, this vulnerability may result, if successfully exploited, in a complete compromise of the unsuspecting user's system,' said Eric Maurice, Oracle's software security assurance director, in a blog post.
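
Added example, not part of the submission or of Oracle's advisory: a Python script that lists Java installers left in a folder that predate the fixed updates named in the summary (6u113, 7u97, 8u73). The file-name patterns it matches are assumptions about how the Windows installers are usually named, and the default folder is an assumption too.

```python
import re
import sys
from pathlib import Path

# First fixed installer update per Java family, as listed in the summary above.
FIXED_UPDATE = {6: 113, 7: 97, 8: 73}

# Assumed Windows installer naming (offline "jre-/jdk-" and online "JavaSetup").
# ".*" tolerates browser duplicates such as "jre-8u71-windows-x64 (1).exe".
INSTALLER_RE = re.compile(
    r"^(?:(?:jre|jdk)-(\d+)(?:u(\d+))?-windows.*"
    r"|JavaSetup(\d+)(?:u(\d+))?.*)\.exe$",
    re.IGNORECASE,
)

def parse_installer(name):
    """Return (family, update) for a Java installer file name, else None."""
    m = INSTALLER_RE.match(name)
    if not m:
        return None
    family = m.group(1) or m.group(3)
    update = m.group(2) or m.group(4) or "0"  # initial releases carry no "uNN"
    return int(family), int(update)

def stale_installers(folder):
    """List installers in `folder` older than the fixed update for their family."""
    stale = []
    for path in sorted(Path(folder).iterdir()):
        if not path.is_file():
            continue
        parsed = parse_installer(path.name)
        if parsed is None:
            continue
        family, update = parsed
        fixed = FIXED_UPDATE.get(family)
        # Families the summary does not list are left alone.
        if fixed is not None and update < fixed:
            stale.append((path.name, family, update, fixed))
    return stale

if __name__ == "__main__":
    # Assumed default location; pass another folder as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else Path.home() / "Downloads"
    for name, family, update, fixed in stale_installers(target):
        print(f"{name}: Java {family}u{update} predates {family}u{fixed}; delete it")
```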

2 of 64 comments

  1. That's why you should have a package manager by NotInHere · Score: 5, Insightful

    nuget, apt-get, pacman, whatever. The package manager's installer code was written _once_. No need for reinventing the wheel for every damn installer in the world. No need for fixing the same bugs all over again. Just something that works, and offers updates out of the box without having to spam the user with update notices.

  2. You had me... by mortonda · Score: 5, Insightful

    at "delete all the Java installers".