Carnegie Mellon University Website Home Page

SECURITY ALERT: Critical Vulnerability in Java 7 (or 1.7)

(US Eastern Time)
DAY: Tuesday
DATE: January 15, 2013


Windows, Mac and Linux users running Java 7 (or 1.7).


A new critical vulnerability in Java is being actively exploited to compromise computers. Oracle has recently released Java 7 Update 11 to correct the issue. All users of Java 7 should upgrade to Java 7 Update 11 as soon as possible. The Information Security Office will continue to monitor for and block known malicious websites, and to monitor for and notify users of vulnerable computers on the campus network.


Users should validate what version of Java is being used by their browser(s). This can be done by using the Patch Check tool available on the Information Security Office website. Be sure to verify the version of Java for each browser that you use.

If you are running Java 6 (or 1.6), no additional action is needed at this time. You should continue to visit the Patch Check tool periodically to verify that you are running the most current version of Java 6.

If you are running Java 7 (or 1.7), upgrade to Java 7 Update 11 as soon as possible. Java 7 Update 11 can be downloaded at the following location.

Note: Desktop Support customers are most likely running Java 6 and should not be running Java 7 except in rare circumstances.

If your Java installation is configured to automatically update, you may be prompted to install the most recent version without taking any additional action. It is recommended that you still visit the Patch Check tool to validate that you have the most recent version installed.
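
For administrators checking several machines, the version rules above can be applied to the output of `java -version`. The following is an added example, not part of the original alert or the Patch Check tool; the function names and sample banners are constructed for illustration. It reports only the command-line Java found on PATH, which can differ from the version a browser plug-in uses, so the per-browser check is still needed.

```python
import re
import subprocess

# Fixed release named in the alert: Java 7 Update 11.
FIXED_JAVA7_UPDATE = 11

# Legacy version strings look like 1.7.0_10; a bare 1.7.0 means update 0.
_VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?')


def parse_java_version(banner):
    """Return (major, update) from `java -version` output, or None."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def triage(banner):
    """Map a version banner to the action the alert gives for it."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unknown"
    major, update = parsed
    if major == 7:
        return "ok" if update >= FIXED_JAVA7_UPDATE else "upgrade"
    if major == 6:
        return "no-action"  # alert: keep verifying Java 6 is current
    return "not-covered"  # the alert only addresses Java 6 and Java 7


def local_java_banner():
    """Run `java -version` (it writes to stderr); '' if java is not on PATH."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True, text=True)
    except OSError:
        return ""
    return proc.stderr + proc.stdout


if __name__ == "__main__":
    # Constructed sample banners, not captured from real machines.
    for sample in ('java version "1.7.0_10"', 'java version "1.7.0_11"',
                   'java version "1.7.0"', 'java version "1.6.0_38"'):
        print(sample, "->", triage(sample))
    print("this machine ->", triage(local_java_banner()))
```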


Additional information about this vulnerability can be found at:


Please direct any questions or comments to the Computing Services Help Center (412-268-HELP) or to your departmental administrator or DSP consultant.