Last Friday the Dept of Homeland Security issued a warning advising computer users to disable Java on their computers. This was based on the discovery of a new vulnerability that could affect web browsers.
Over the weekend we got a lot of questions about how this affects CrashPlan, since it uses Java.
The short answer is that it does not affect CrashPlan at all, and CrashPlan users can continue to use Java.
The vulnerability only affects the Java browser plug-in, which CrashPlan doesn’t use (or need), and it only affects Java 7, which is not used by CrashPlan.
Here’s Oracle’s official statement about the scope of the problem -
“Oracle is aware of a flaw in Java software integrated with web browsers. The flaw is limited to JDK7. It does not exist in other releases of Java, and does not affect Java applications directly installed and running on servers, desktops, laptops, and other devices. A fix will be available shortly.”
What should you do?
As far as CrashPlan goes, you can continue to use it as always. You do not need to disable or remove Java.
If you’d like to disable the Java browser plug-in, which is a good precaution, here are some simple instructions from the Sophos Naked Security website -
For Chrome - How to disable Java – Chrome
For Safari - How to disable Java – Safari
For FireFox - How to disable Java – Firefox
For Opera - How to disable Java – Opera