• Departments
  • Academic Technology
  • Enterprise Computing
  • Finance & Planning
  • Information Technology Security & Preparedness
  • Project Management Office
  • Strategic Technology
  • Client Services
• Signals
• UNH IT Guide
• Blackboard
  • Blackboard Help and Information
  • Blackboard System Data Policies
  • Blackboard Upgrade
  • Courses/Training
  • Documentation
  • Go To Blackboard
  • Logging In / Password Reset
  • Module Request
  • Organization Requests
  • Plagiarism
  • Reporting a Problem
• Email
  • Directed Communication
  • Directories
  • Getting An Account
  • Mailing Lists
  • Microsoft Lync
  • Outlook Exchange
  • Outlook Web Access
  • Privacy
  • WildcatsMail (student email)
• Equipment
  • Classrooms
  • Computer Service Center
  • Equipment Reservations Request
  • Phones
  • Public Computing Clusters
  • Safe Electronic Equipment Disposal Program
  • UNH Computer Store
  • Video Conferencing
• Network
  • Custom Secure Networks
  • Internet
  • On Campus
  • Security
  • Videoconferencing
  • Wide Area (NH)
  • WiFi Wireless
• Software
  • Download Software
  • Help
  • Training
  • UNH Computer Store
  • Virus Protection
  • VPN
• Support
  • Accounts
  • Audiovisual
  • Banner
  • Blackboard
  • Business Service Center
  • Change Password
  • Computer Service Center
  • Document Imaging
  • Information regarding Java Vulnerabilities at UNH
  • IT Service Desk
  • IT Support Center
  • Mobile Devices and Applications
  • Questions for UNH IT
  • SharePoint
  • Training
  • Software & Hardware Guide
  • UNH IT Guide
  • Web Pages
  • WEBI
• Telephones
  • Authorization Codes
  • Directories
  • Making Calls at UNH
  • Repair
  • Services & Rates
  • Telecom Account Access
  • Telecom Account Manager
  • Voicemail

Information regarding Java Vulnerabilities at UNH

Java Runtime Environment (JRE) Frequently Asked Questions

Updated 3-7-2013

A number of significant vulnerabilities have been identified on computers running the Java Runtime Environment software that pose serious security risks. The risks involve third-parties using this vulnerability to silently install malicious programs onto your computer, which may compromise your personal information, expose University resources, and harm the computer.

The vulnerabilities exist in current and previous versions of Java Runtime Environment (JRE) 6 and 7. As a precaution, UNH IT recommends non-Enterprise users to update their JRE software to the latest version to minimize the risks from unpatched vulnerabilities that are present in older versions. Please read the instructions and FAQs below for more information.

What is JRE and why do I need it?
Read more here

What is the vulnerability?
The identified versions of JRE7 allow malicious code to run on a computer without permissions or any notification to the user. Further details are available at the following sites:

• CERT Article
• Oracle Article
• Vulnerabilities Announced on 2/28/13 (posted 3/1/13)

I use Enterprise applications (Banner, WebI, Deski, FAMIS, Kronos, Appman). What should I do?
Enterprise applications users should install the version specified for your particular Enterprise application, located here.

I do NOT use Enterprise applications. Should I update my version of Java?
Yes, but you will first need to remove all older versions of JRE 5, 6 and older versions of JRE 7 and replace it with the current version of JRE 7.

Instructions for removing old versions of Java
Instructions for installing the latest version of Java
Information and System Requirements for using Java on Macintosh Computers

Note: When you are installing the software, be careful to deselect any optional add-ons (toolbars, browsers, etc).

I have a Macintosh computer?  Am I affected?  
According to information publicly available from Oracle, the issue affects all client installations of JRE regardless of operating system.  Macintosh users should use the instructions above to install the latest version of Java to their computers.

I have a Macintosh and I am having trouble using the VPN and/or Blackboard Collaborate.  What do I do?
In response to the latest vulnerabilities, on January 31, 2013, Apple released an update to disable native Java support on multiple versions of the Macintosh Operating System.  This affects the ability to use Java-dependent applications such as the VPN and Blackboard Collaborate.  Follow the directions below based on the version of Mac OS that you are running.

• Mac OS 10.7.3 (Lion) or higher: Follow these instructions to install the latest version of Java to your computer.
• Mac OS 10.7.1/10.7.2 (Lion): Users of these versions should update to OS 10.7.3 or later, which is required to run JRE 7. Choose Software Update from the Apple Menu to check for the latest operating system updates.  The ‘OS X Lion v10.7.3 Update’ should be listed as an available update for version 10.7.1 or 10.7.2 computers. After updating, follow these instructions to install the latest version of Java to your computer.

• Mac OS 10.6.x (Snow Leopard): (Posted 3-7-2013) A patch has been released for users of OS 10.6 (Snow Leopard) that installs updated Java code. Follow the directions for “OS X 10.6.8 Snow Leopard” at http://support.apple.com/kb/HT5648, and restart your computer once the installation is complete.  More technical information about this update is available at http://support.apple.com/kb/HT5677.

There may be multiple versions of Java installed on your computer, and the method to check varies slightly between versions of Windows.

• Windows XP: Click Start>Control Panel>Add/Remove Programs. Look for Java in the program list, and the version will be displayed.
• Vista/Windows 7: Click Start. In the Search bar type ‘appwiz.cpl’. Look for Java in the program list, and the version will be displayed.
• Windows 8: Use the key combination windows+R. In the dialogue box type ‘appwiz.cpl’. Look for Java in the program list, and the version will be displayed.

• Mac OS: From the Finder menu, click ‘System Preferences’, then open ‘Java’.  Once the control panel opens, go to the ‘General’ tab and click the ‘About’ button.  The version number is then displayed. If you do not have Java installed, there will be no control panel available.

How do I just update JRE? 
There is no particular update; an updated version is simply released by Oracle. Follow the instructions above to download and install the latest version of JRE.

Why should I uninstall older versions of JRE? 
Read more

How do I disable Java, or disable it for a specific browser? 
Instructions are located here

I already have JRE, and the Updater is prompting me to update to JRE7 Update 11. Is it okay to install this update? 
Yes, it is safe and recommended to get to the latest version of JRE.