The Etsy forums lit up today with the news that a critical security hole (exploit) has been found in Java, a plugin installed with many browsers. Brittany asked me to explain what the security hole means and what you can do to defend yourself.
Java is a technology akin to Flash that allows websites to do things beyond the power of the browser. It’s often used for file uploads; Facebook used to have a bulk photo upload tool that was a Java plugin; only recently did they change the technology.
The security hole allows Java to install malicious software on your system when you visit a website that has a Java plugin. Since most websites don’t purposefully hack the computers of their visitors, this will usually happen when a hacker has compromised a site and installed the plugin without the website owners’ knowledge.
PCs and Macs alike are affected, no matter which browser you run. It can only be exploited if you’re running the Java plugin, however. Visit the official Java plugin site to see if you have Java installed – click the big red ‘Verify Java’ button and the page will reload to tell you if you have Java and which version.
The best protection until Java is updated is to disable Java in your browser. Detailed instructions for different browsers can be found at Krebs on Security. To find out which browser you’re running, visit an identification site. The good news is that Java has fallen out of favor as a technology on websites, so disabling it likely won’t cause your internet experience any harm.