Although there is no evidence that any campus computers have been hurt by a nationwide computer security vulnerability, Columbia University Information Technology is still urging students to take precautions.
Last Friday, Columbia University Information Technology Vice President and Chief Information Officer Candace Fleming sent an email urging students to disable Java in their browsers due to “a critical security issue with applications that rely on Java.”
According to the U.S. Department of Homeland Security, a vulnerability in Java programs versions 7 and earlier allows “a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.”
Fleming said that CUIT is acting in accordance with recommendations issued by the Department of Homeland Security to advise all students and staff to disable Java from their web browsers.
Eleanor Templeton, a CUIT spokesperson, said that disabling Java would serve as a temporary precaution until Oracle, the corporation that develops Java, creates a security patch.
Templeton added that there is “no evidence that any University computers have been compromised, and this Java notice was issued purely as a precaution for our community, so that individuals can protect the computers that they use on campus, including personal computers.”
In addition to recommending that students protect their personal computers, Fleming said that CUIT would be disabling Java in office-based computers managed by CUIT.
Oracle said on Monday that it released an updated version of Java that does not contain the vulnerability and that it is available for users to download on Java’s website.
Tracey Wang contributed reporting.