Carnegie Mellon University Website Home Page

SECURITY ALERT: Critical Vulnerabilities in Java 6 and 7

DAY: Wednesday
DATE: April 24, 2013

Windows, Mac and Linux users running Java versions 6 and 7

Multiple new security vulnerabilities have been discovered in Java and are being actively exploited to compromise computers.  Oracle has released new versions of Java 6 and 7 to correct these vulnerabilities. All Java users should update to new versions as soon as possible. The Information Security Office will continue to monitor for and block known malicious websites and will also notify users of vulnerable computers on the campus network.

If you are running Java version 6, update to Java 6 version 45 as soon as possible. Java 6 version 45 can be downloaded at the following location:

If you are running Java version 7, update to Java 7 version 21 as soon as possible. Java 7 version 21 can be downloaded at the following location:

If your Java installation is configured to automatically update, you may be prompted to install the most recent version without taking any additional action. It is recommended that you visit the Patch Check tool to validate that you have the most recent version installed; see:

Note: Computing Services is partnering with the Oracle Financials and HR Data Warehouse teams to update its supported version of Java 6. Users of these applications should continue to use their current Java version  until notified that a supported release is made available.Customers of the Desktop Support Program (DSP) will also receive separate instructions regarding an update to their managed desktops.

Additional information about this vulnerability is available

Please direct any questions or comments to the Computing Services Help Center (412-268-HELP or or to your departmental administrator or DSP consultant.