Slashdot Mirror


Java Installer Flaw Shows Why You Should Clear Your Downloads Folder (csoonline.com)

itwbennett writes: On Friday, Oracle published a security advisory recommending that users delete all the Java installers they might have lying around on their computers and use new ones for versions 6u113, 7u97, 8u73 or later. The reason: Older versions of the Java installer were vulnerable to binary planting in the Downloads folder. 'Though considered relatively complex to exploit, this vulnerability may result, if successfully exploited, in a complete compromise of the unsuspecting user's system,' said Eric Maurice, Oracle's software security assurance director, in a blog post.
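
A check for the advice in the summary above, as an added example that is not part of the original post or of Oracle's advisory: it flags Java installers in a folder that predate 6u113, 7u97 or 8u73. The filename patterns (such as `jre-8u71-windows-x64.exe` and `JavaSetup7u80.exe`), the sample listing and the `~/Downloads` location are assumptions.

```python
import re
from pathlib import Path

# First fixed installer update per Java family, from the summary above.
FIXED_UPDATE = {6: 113, 7: 97, 8: 73}

# Assumed filename shapes (not taken from the advisory): jre-8u71-windows-x64.exe,
# jdk-7u80-windows-i586.exe, JavaSetup8u66.exe, and browser-renamed duplicates
# such as "jre-8u66-windows-i586 (1).exe". A missing "uNN" means update 0.
INSTALLER_RE = re.compile(
    r"^(?:jre-|jdk-|javasetup)(\d+)(?:u(\d+))?\b.*\.(?:exe|msi)$", re.IGNORECASE
)

# Constructed sample listing, used when no Downloads folder is present.
SAMPLE = ["jre-8u71-windows-x64.exe", "jre-8u73-windows-x64.exe",
          "JavaSetup7u80.exe", "jdk-6u113-windows-i586.exe", "notes.txt"]


def classify(filename):
    """Return (family, update, status) for a Java installer name, else None."""
    m = INSTALLER_RE.match(filename)
    if not m:
        return None
    family, update = int(m.group(1)), int(m.group(2) or 0)
    fixed = FIXED_UPDATE.get(family)
    if fixed is None:
        return family, update, "unlisted"  # family not among the quoted versions
    return family, update, "delete" if update < fixed else "ok"


def stale(names):
    """Names of installers older than the fixed update for their family."""
    return sorted(n for n in names if (classify(n) or (0, 0, ""))[2] == "delete")


def audit(folder):
    """Check regular files directly inside `folder` (no recursion)."""
    return stale(p.name for p in Path(folder).iterdir() if p.is_file())


if __name__ == "__main__":
    downloads = Path.home() / "Downloads"  # assumed default download location
    found = audit(downloads) if downloads.is_dir() else stale(SAMPLE)
    for name in found:
        print("old Java installer, delete and re-download:", name)
```

Installers whose family is not among the versions quoted in the summary are reported by `classify` as `unlisted` and are not flagged by `stale`.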

7 of 64 comments

  1. Duplicate by Nicopa · · Score: 3, Informative
    1. Re:Duplicate by simplypeachy · · Score: 4, Funny

      Naw, the other article was for a previous version of the JRE.

  2. That's why you should have a package manager by NotInHere · · Score: 5, Insightful

    nuget, apt-get, pacman, whatever. The package manager's installer code was written _once_. No need for reinventing the wheel for every damn installer in the world. No need for fixing the same bugs all over again. Just something that works, and offers updates out of the box without having to spam the user with update notices.

  3. Enough already! by b1ng0 · · Score: 4, Informative

    Get rid of this paid itwbennett shill! Two articles in one day all going to the same website. Look at his post history. Every post goes to one of two sites! If this is what whiplash meant by improving Slashdot, there is no hope left for this site.

  4. They still patch Java 6?!? by supremebob · · Score: 2

    What I learned from this post is that Oracle still does Java security patches for Java 6. I thought that it was End Of Life three years ago!

    1. Re:They still patch Java 6?!? by Billly+Gates · · Score: 2

      Sure, if you buy an expensive RDMS you don't need, they will fix their own products.

  5. You had me... by mortonda · · Score: 5, Insightful

    at "delete all the Java installers".