Information Technology Services - Computing, Networking and Storage

ITS Announcements

Update to Java Security Vulnerabilities (January 15)

Oracle has released Java 7 Update 11, available at java.com/en/download/index.jsp, which will partially mitigate the security vulnerabilities mentioned in the announcement below.

The Department of Homeland Security (DHS) recommends that you apply this patch as soon as possible but keep Java disabled on your computer unless absolutely necessary.

For more information on this patch, see the Oracle security alert on this topic.

To stay informed on a variety of IT security issues, including the latest security vulnerabilities and patches, read the ITS Security Blog.

Java Disabled Due To Security Vulnerabilities (January 11)

On Thursday, January 10, the U.S. Department of Homeland Security (DHS) posted an advisory indicating that, due to security vulnerabilities, users should disable Java in their web browsers. DHS has stated that it is currently unaware of a practical solution to this problem.

Due to this advisory, Mozilla has disabled Java in all versions of its Firefox browser, and Apple has disabled Java on all machines running Mac OS X 10.6 Snow Leopard and later.

When Java is disabled, users may not be able to access some functions on USC websites, including eTrac (www.usc.edu/etrac) and the AnyConnect VPN installer (vpn.usc.edu).

Oracle has not announced when it will release a patch for these vulnerabilities.