Java Exploit - disable or uninstall Java immediately


Guest miyamotogL

Guest MAJ.Kaossilator=US=

For anyone who doesn't know...

 

IE9:

1. Gear Icon (upper right; or tap 'Alt' and go to Tools menu)

2. Internet Options

3. Programs tab

4. "Manage Add-ons"

5. In the "Toolbars and Extensions" section, highlight both Java plug-ins, and click the "Disable" button in the lower-right

 

Firefox:

1. Firefox menu (upper left)

2. Add-ons

3. In the "Plugins" section, click the "Disable" button next to Java Platform

 

Chrome:

1. Options/List icon to the right of the URL bar

2. Settings

3. Scroll all the way down, click "show advanced settings"

4. In the Privacy section, click "Content Settings"

5. About 1/3 of the way down is "Plug-ins"

6. Click "Disable individual plug-ins"

7. Find Java and hit the "disable" link


Guest MAJ.Kaossilator=US=
Java 9 affected? It says Java 7.

 

It would be Java 7 Update 10 and earlier, sir. If you're looking at your current Java version and it says 9, I'm guessing that you're seeing the Update number. So at a guess that would be Java 7 Update 9.

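Added example, not part of the original thread: a small Python check for the version mix-up discussed in the post above. It reads either the legacy string printed by `java -version` (e.g. `1.7.0_09`) or a display name such as "Java 7 Update 9", and reports whether it falls in the "Java 7 Update 10 and earlier" range quoted in this thread. The function names and the sample strings are constructed for illustration.

```python
import re

# Range taken from the advisory text quoted in this thread:
# "Java 7 Update 10 and earlier".
AFFECTED_MAJOR = 7
AFFECTED_MAX_UPDATE = 10

# Legacy version string as printed by `java -version`, e.g. 1.7.0_09
LEGACY = re.compile(r'\b1\.(\d+)\.0(?:_(\d+))?')
# Display name in the form used in this thread, e.g. "Java 7 Update 9"
DISPLAY = re.compile(r'Java(?:\(TM\))?\s+(\d+)(?:\s+Update\s+(\d+))?', re.I)


def parse_java_version(text):
    """Return (major, update), or None if no version is recognised."""
    for pattern in (LEGACY, DISPLAY):
        m = pattern.search(text)
        if m:
            # A missing update suffix means the initial release (update 0).
            return int(m.group(1)), int(m.group(2) or 0)
    return None


def in_advisory_range(text):
    """True/False for a recognised version, None when nothing parses.

    False only means "outside the range quoted in the thread"; it says
    nothing about other advisories for that version.
    """
    parsed = parse_java_version(text)
    if parsed is None:
        return None
    major, update = parsed
    return major == AFFECTED_MAJOR and update <= AFFECTED_MAX_UPDATE


if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real machine.
    samples = [
        'java version "1.7.0_09"',   # the "9" is the update number
        'Java 7 Update 9',
        'java version "1.7.0_10"',
        'Java 7 Update 11',
    ]
    for s in samples:
        print(f"{s!r:28} -> {parse_java_version(s)} in range: {in_advisory_range(s)}")
```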

Guest miyamotogL
I had to turn it off manually. I doubt it will take very long for an update to be released. This is a serious defect that Oracle will have to address with a patch very quickly. If you "need" to use Java, make sure to keep the browser plugins disabled except when going directly to a Java website that you already use (SBSCommerce, etc.). If you do not "need" to use Java, just uninstall it. It is a quick process to install in the rare event that you will ever need to have it.

Guest XboxxKiller
I'm no computer genius, what exactly is it that this exploit does? What am I supposed to be afraid of?

 

The site says -

Overview – Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description – Java 7 Update 10 and earlier contain an unspecified remote-code-execution vulnerability. This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits.

Impact – By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.


Guest MAJ.Kaossilator=US=

^^ Which means that the remote attacker is now down to the OS security layer. Java is just the "back door" they're coming in, which exists at the sufferance of the operating system. The OS will still allow/disallow certain actions depending on how Java is integrated into it. However, that still leaves an awfully wide open range of code that a remote attacker could execute.

 

So in theory, the impact could be devastating. Now... the upside is that even locally, most sensitive information is hashed and encrypted so you're unlikely to have someone digging through browser cookies and finding passwords and such with much success. But still.. the effect is severe to say the least.


Guest miyamotogL

^^ Exactly. Arbitrary code means exactly that. Just about anything. Like CPT.Kaos mentioned, the OS should block anything that would modify the system (UAC). Even then, how many people would unknowingly just click YES?

 

Besides, who uses Java anyway? Just uninstall it unless you need it.


Archived

This topic is now archived and is closed to further replies.
